Техническая информация
- '<SYSTEM32>\wscript.exe' %TEMP%\RwA.js
- %TEMP%\rwa.js
- http://jw###.#kfaz6ekw.press/?1/
- DNS ASK jw###.#kfaz6ekw.press
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 703IN="%YGWM:bicU=%%S82M:WYDYL=/%" 0<nul 1>%TEMP%\RwA%EMX%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\RwA%EMX%s"
- '<SYSTEM32>\cmd.exe'