Техническая информация
- <SYSTEM32>\tasks\windowsapppool\apppool
- %ProgramFiles(x86)%\steam\config\config.vdf
- %ProgramFiles(x86)%\steam\config\dialogconfig.vdf
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %APPDATA%\opera software\opera stable\login data
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %TEMP%\jicfkkde.exe
- http://18#.#05.210.172/cfg/
- http://18#.#05.210.172/log/
- http://18#.#05.210.172/loader/complete/
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /F /sc minute /mo 1 /tn "\WindowsAppPool\AppPool" /tr "%TEMP%\JICfkKdE.exe"' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /F /sc minute /mo 1 /tn "\WindowsAppPool\AppPool" /tr "%TEMP%\JICfkKdE.exe"
- '%WINDIR%\syswow64\schtasks.exe' /create /F /sc minute /mo 1 /tn "\WindowsAppPool\AppPool" /tr "%TEMP%\JICfkKdE.exe"
- '<SYSTEM32>\taskeng.exe' {D1BC8B45-C27B-4923-AD23-B68F9495661A} S-1-5-21-1960123792-2022915161-3775307078-1001:bxbkuztpagal\user:Interactive:[1]