Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABNAGIAOQBpAHkAdQBuAD0AKAAoACcASwBvADcAJwArACcAcgBqACcAKQArACcAMAA3ACcAKQA7ACQARABrAGEAeAAyADYAdAA9ACQAKABbAGMAaABhAHIAXQA0ADIAKQA7ACQAQQBpADgAOABrAGkAaQA9ACgAKAAnAFAAZg...
- %HOMEPATH%\dw_mmmq\z4u_hm0\rcfr6gr1y.exe
- http://gu##ees.com/wp-content/uploads/ezsJ/
- http://th####pply.co.uk/indexing/fO/
- http://ma####ottrade.su/
- http://al####nabismeds.com/unraid-map/73m/
- DNS ASK gu##ees.com
- DNS ASK th####pply.co.uk
- DNS ASK ma####ottrade.su
- DNS ASK go#####sseminary.org
- DNS ASK pm####olutions.com
- DNS ASK al####nabismeds.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABNAGIAOQBpAHkAdQBuAD0AKAAoACcASwBvADcAJwArACcAcgBqACcAKQArACcAMAA3ACcAKQA7ACQARABrAGEAeAAyADYAdAA9ACQAKABbAGMAaABhAHIAXQA0ADIAKQA7ACQAQQBpADgAOABrAGkAaQA9ACgAKAAnAFAAZg...' (with a hidden window)