Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand "JgAiACQAKABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABGAG8AbABkAGUAcgBQAGEAdABoACgAJwBBAHAAcABsAGkAYwBhAHQAaQBvAG4ARABhAHQAYQAnACkAIAArACAAJwBcAGgAYQB2AGUAXwBmAHUAbgAuAHAA...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NoExit -EncodedCommand "JgAiACQAKABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABGAG8AbABkAGUAcgBQAGEAdABoACgAJwBBAHAAcABsAGkAYwBhAHQAa...
- %APPDATA%\tree.txt
- %APPDATA%\have_fun.ps1
- %APPDATA%\treeornamenter.exe
- 'gi##ub.com':443
- DNS ASK gi##ub.com
- '%APPDATA%\treeornamenter.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NoExit -EncodedCommand "JgAiACQAKABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABGAG8AbABkAGUAcgBQAGEAdABoACgAJwBBAHAAcABsAGkAYwBhAHQAa...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand "JgAiACQAKABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABGAG8AbABkAGUAcgBQAGEAdABoACgAJwBBAHAAcABsAGkAYwBhAHQAaQBvAG4ARABhAHQAYQAnACkAIAArACAAJwBcAGgAYQB2AGUAXwBmAHUAbgAuAHAA...' (со скрытым окном)