Техническая информация
- '%TEMP%\conwur.exe'
- '<SYSTEM32>\taskhost.exe'
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKdw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKdw[1].enc
- %TEMP%\conwur.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKdw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\1405UKdw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\1405UKdw[1].enc
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1405UKdw[1].enc
- 'dj###son.com':80
- 'el#####rprisesinc.com':80
- dj###son.com/css/1405UKdw.enc
- el#####rprisesinc.com/wp-content/uploads/2014/05/1405UKdw.enc
- DNS ASK dj###son.com
- DNS ASK el#####rprisesinc.com