Техническая информация
- '<SYSTEM32>\wscript.exe' %TEMP%\4t0.js
- %TEMP%\4t0.js
- '2v###.6pnc3461.ink':80
- DNS ASK 2v###.6pnc3461.ink
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p EUHDA="%KHXU:mQVZ=%%9DVK:EGURO=/%" 0<nul 1>%TEMP%\4t0%GVP%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt wsCript.eXe %TEMP%\4t0%GVP%s"
- '<SYSTEM32>\cmd.exe'