Техническая информация
- '<SYSTEM32>\wscript.exe' %TEMP%\IFP.js
- %TEMP%\ifp.js
- http://bw###.#n01jmcc0ar.fun/?1/
- DNS ASK bw###.#n01jmcc0ar.fun
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p DG38M="%QVSA:nVyS=%%FJTF:RCBQS=/%" 0<nul 1>%TEMP%\IFP%MNZ%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\IFP%MNZ%s"
- '<SYSTEM32>\cmd.exe'