Техническая информация
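- Автозапуск через ключ реестра RunOnce (значение 'Yitl' указывает на HTA-файл в профиле пользователя): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] 'Yitl' = '%LOCALAPPDATA%\Yitl\Yitl.hta'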
- %LOCALAPPDATA%\yitl\yitlset.exe
- %LOCALAPPDATA%\yitl\yitl.hta
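- %APPDATA%\remcos\logs.dat (каталог «remcos» — вероятно, рабочий каталог Remcos RAT; назначение файла на странице не описано, стоит проверить)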
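- 'drive.google.com':443 (легитимный сервис; сам по себе признаком заражения не является и имеет смысл только вместе с остальными индикаторами)
- 'do#########ocs.googleusercontent.com':443 (символы «#» — по-видимому, маскировка части имени источником)
- '79.##4.225.26':6666 (символы «#» — по-видимому, маскировка части адреса источником; в таком виде запись не годится как точный индикатор)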
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
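- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe' (путь штатного компонента Internet Explorer; как именно образец его использует, на странице не указано)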