Техническая информация
- '%TEMP%\now.exe'
- %TEMP%\now.exe
- 'mo####.duckdns.org':4000
- 'mo####.duckdns.org':1010
- http://mo####.duckdns.org:4000/ready via mo####.duckdns.org
- 'mo####.duckdns.org':1010
- DNS ASK mo####.duckdns.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -file "%TEMP%\1.ps1"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -file "%TEMP%\1.ps1"' (со скрытым окном)