Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Miсrоsoft ® Windоws Based Scriрt Hоst' = '%APPDATA%\Windows Script Invoker\pscript.exe'
- %APPDATA%\Windows Script Invoker\pscript.exe
- '4f######4pyqdpfu.onion.link':443
- 'ap#.#pify.org':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK 4f######4pyqdpfu.onion.link
- DNS ASK ap#.#pify.org
- DNS ASK wp#d
- '%APPDATA%\Windows Script Invoker\pscript.exe'