Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MLWvCYewGd' = 'C:\Users\Public\MLWvCYewGd.vbs'
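- %WINDIR%\syswow64\dllhost.exe (штатный системный файл Windows; сам по себе этот путь не является индикатором компрометации — заголовок раздела, поясняющий роль записи, на странице отсутствует)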
- %HOMEPATH%\ssh-keyscan\rdrleakdiag.bat
- C:\users\public\mlwvcyewgd.vbs
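- DNS ASK hi####.sakananoko.io (символы «####» — часть имени узла, скрытая в источнике; полное имя по этой странице не восстанавливается)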
- '%WINDIR%\syswow64\dllhost.exe'