Техническая информация
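- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ltqvsci' = 'C:\Users\Public\Libraries\icsvqtL.url'
  (запись автозапуска: значение в ключе Run текущего пользователя указывает на файл-ярлык .url, а не напрямую на исполняемый файл; при проверке автозагрузки стоит учитывать и такие записи)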
- <SYSTEM32>\mobsync.exe
- C:\users\public\libraries\ltqvsci\ltqvsci.exe
- C:\users\public\libraries\icsvqtl.url
- C:\users\public\kdeco.bat
- C:\users\public\uko.bat
- C:\users\public\trast.bat
- C:\users\public\nest
- C:\users\public\nest.bat
- C:\users\public\kdeco.bat
- C:\users\public\uko.bat
- C:\users\public\trast.bat
- C:\users\public\nest.bat
- 'on####ve.live.com':443
- 'oq####.#n.files.1drv.com':443
- 'nn###y.ddns.net':5367
- 'on####ve.live.com':443
- 'oq####.#n.files.1drv.com':443
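- DNS ASK on####ve.live.com
- DNS ASK oq####.#n.files.1drv.com
- DNS ASK nn###y.ddns.net
  (примечание: имена узлов в отчёте частично замаскированы символами «#». Первые два имени относятся к доменам live.com и 1drv.com, то есть к легитимному облачному сервису Microsoft, поэтому блокировка по домену для них, как правило, непрактична. Для обнаружения показательнее третий узел: имя в зоне динамического DNS ddns.net и нестандартный порт 5367.)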
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\Trast.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\nest.bat" "' (со скрытым окном)
- '<SYSTEM32>\mobsync.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\Trast.bat" "
- '<SYSTEM32>\cmd.exe' /K C:\Users\Public\UKO.bat
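- '<SYSTEM32>\reg.exe' delete hkcu\Environment /v windir /f
- '<SYSTEM32>\reg.exe' add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\KDECO.bat reg delete hkcu\Environment /v windir /f && REM "
- '<SYSTEM32>\schtasks.exe' /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
  (примечание: эти три команды вместе соответствуют известному приёму обхода UAC. Пользовательская переменная окружения windir в HKCU\Environment подменяется командой запуска KDECO.bat, после чего принудительно запускается запланированная задача SilentCleanup, которая выполняется с повышенными привилегиями и использует %windir% в пути к своей программе; подставленная команда сама удаляет изменённое значение. Для обнаружения стоит отслеживать создание или изменение значения windir в HKCU\Environment и запуск schtasks.exe с параметрами /Run /TN для этой задачи.)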
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\nest.bat" "