Technical Information
- '%WINDIR%\explorer.exe' /c, %TEMP%\300hddd.jS
- %TEMP%\300hddd.js
- 'public-trust.com':80
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK t6#######iusd.oktrabalhox021.ml
- DNS ASK oc##.#tartssl.com
- DNS ASK public-trust.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\300hddd.Js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\300hddd.Js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p 777hhii="%XXR:WWSS=%%SFFJJii:XXI=/%" 0<nul 1>%TEMP%\300hddd.Js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %FFU:PPNN=% %TEMP%\300hddd.jS 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" exiT"