Техническая информация
- '%WINDIR%\explorer.exe' /c, %TEMP%\2666999.jS
- %TEMP%\2666999.js
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK et######raams.evokgtis.gq
- DNS ASK oc##.thawte.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\2666999.Js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\2666999.Js"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p dddaaaa="%PPP:LLXX=%%UUUUFFF:UUY=/%" 0<nul 1>%TEMP%\2666999.Js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %KPP:ZZZZ=% %TEMP%\2666999.jS 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" exiT"