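Техническая информация
Ниже перечислены три вида записей: изменения реестра (параметр автозапуска в ключе Run и значение 'Start' = 2 у двух служб, что соответствует автоматическому запуску службы при загрузке системы), командные строки запуска с аргументами и пути к файлам.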
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Discovery User Input' = 'C:\Discovery\User Input\userin32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\CentennialClientAgent] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\CentennialIPTransferAgent] 'Start' = '00000002'
- C:\CENTENN.IAL\AUDIT\xferwan.exe -i -s
- C:\CENTENN.IAL\AUDIT\cagent32.exe /install /start
- C:\CENTENN.IAL\AUDIT\lpamd64.exe
- C:\CENTENN.IAL\AUDIT\lpx86.exe
- C:\CENTENN.IAL\AUDIT\security.xml
- C:\CENTENN.IAL\AUDIT\csetup.ini
- C:\CENTENN.IAL\AUDIT\xferwan.log
- C:\Discovery\User Input\userin32.exe
- C:\CENTENN.IAL\AUDIT\kc-pub.pem
- C:\CENTENN.IAL\AUDIT\client1.log
- C:\CENTENN.IAL\AUDIT\xferwan.ini
- C:\CENTENN.IAL\AUDIT\cagent32.exe
- C:\CENTENN.IAL\AUDIT\cagent.bin
- %WINDIR%\csetup1.log
- %TEMP%\csetup.ini
- C:\CENTENN.IAL\AUDIT\userinp.dat
- C:\CENTENN.IAL\AUDIT\xferwan.exe
- C:\CENTENN.IAL\AUDIT\client.xml
- C:\CENTENN.IAL\AUDIT\userin32.exe