Technical information
- '<SYSTEM32>\wscript.exe' %TEMP%\u8q4OSb.js
- %TEMP%\u8q4osb.js
- nul
- 'public-trust.com':80
- http://r9########.consultorial0xy1.store/?02#
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK r9########.consultorial0xy1.store
- DNS ASK cl###flare.com
- DNS ASK oc##.thawte.com
- DNS ASK public-trust.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p iq2hSqx="%DIE:IJNNR=%%9ILqzv4:1MNUL=/%" 0<nul 1>%TEMP%\u8q4OSb%yifv%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\u8q4OSb%yifv%s"
- '<SYSTEM32>\cmd.exe'