Техническая информация
- %TEMP%\ks2ied.exe
- '37.#.14.206':84
- '18#.#40.53.20':84
- 'ru####ectral.com':80
- http://ru####ectral.com/up/GamerLand.plg
- '18#.#40.53.20':84
- DNS ASK ru####ectral.com
- '%TEMP%\ks2ied.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBDADoAXABVAHMAZQByAHMAXAB1AHMAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABrAHMAMgBJAEUARAAuAGUAeABlACIA (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBDADoAXABVAHMAZQByAHMAXAB1AHMAZQByAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABrAHMAMgBJAEUARAAuAGUAeABlACIA
  (значение параметра -enc — команда PowerShell в кодировке Base64 (UTF-16LE); после декодирования: Start-Process -FilePath "C:\Users\user\AppData\Local\Temp\ks2IED.exe", то есть запуск указанного выше файла ks2ied.exe из %TEMP%)