Техническая информация
- '<SYSTEM32>\WScript.exe' "<Текущая директория>\tem.vbs"
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\x102[1].exe
- <Текущая директория>\tem.vbs
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jbist_[2018][1].exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\play_3022_25290[1].exe
- 'qq#####94.b.xundisk.net':80
- 'www.hu####-global.com':80
- 'ho##.yj005.com':80
- qq#####94.b.xundisk.net/x102.exe
- www.hu####-global.com/play_3022_25290.exe
- ho##.yj005.com/JBDownload/jbist_[2018].exe
- DNS ASK qq#####94.b.xundisk.net
- DNS ASK www.hu####-global.com
- DNS ASK ho##.yj005.com