Техническая информация
- '<SYSTEM32>\wscript.exe' %TEMP%\IG9.js
- %TEMP%\ig9.js
- http://t8####.g5q7eqyg.email/?2/
- DNS ASK t8####.g5q7eqyg.email
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p GJMIT="%OOEU:9bOd=%%VSQM:ZMKHW=/%" 0<nul 1>%TEMP%\IG9%XJH%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt wsCript.eXe %TEMP%\IG9%XJH%s"
- '<SYSTEM32>\cmd.exe'