Техническая информация
- '<SYSTEM32>\wscript.exe' %TEMP%\wHy.js
- %TEMP%\why.js
- http://y5######m6.hydrateck.com.de/?1/
- DNS ASK y5######m6.hydrateck.com.de
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p D16ZB="%KLUO:t2Sy=%%JFKW:GXZDK=/%" 0<nul 1>%TEMP%\wHy%AZB%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\wHy%AZB%s"
- '<SYSTEM32>\cmd.exe'