Техническая информация
- '<SYSTEM32>\cmd.exe' /k powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand YwBhAGwAYwAuAGUAeABlAA==
- '34.##9.100.209':443
- '<SYSTEM32>\cmd.exe' /k powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand YwBhAGwAYwAuAGUAeABlAA==' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noprofile -ExecutionPolicy UnRestricted -EncodedCommand YwBhAGwAYwAuAGUAeABlAA==
- '<SYSTEM32>\calc.exe'