Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'natas_' = 'wscript "%HOMEPATH%\Amers_\unchs_.vbs"'
- %WINDIR%\win.ini
- unchs_.exe
- %HOMEPATH%\amers_\unchs_.exe
- %HOMEPATH%\amers_\unchs_.vbs
- DNS ASK dd##.##ivatethings.xyz
- '%HOMEPATH%\amers_\unchs_.exe'