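Техническая информация
Примечание: символы «#» в именах узлов и IP-адресах ниже (например, 'www.dr##box.com' и '17#.#75.138.146'), по-видимому, являются маскировкой, внесённой источником, а не частью реальных значений; в таком виде эти записи нельзя использовать как точные индикаторы для сопоставления.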
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Client Monitor' = 'cmd /c "start "Client Monitor" "%ProgramFiles%\Client\client.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'AVfNZA' = 'C:\AVfNZAAVfNZA\AVfNZA.vbs'
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """%ProgramFiles%\Client\client.exe"""" /f"
- '<SYSTEM32>\schtasks.exe' /create /NP /sc onlogon /tn "Client Monitor" /rl highest /tr "'%ProgramFiles%\Client\client.exe' /startup" /f
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '%APPDATA%\rat6u\gtri0.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe'
- <SYSTEM32>\reg.exe
- %ProgramFiles%\Client\client.exe
- C:\AVfNZAAVfNZA\AVfNZA.exe
- %APPDATA%\Monitor\Screenshots\01-28-2017\5.44 AM
- %ProgramFiles%\Client\client.exe.config
- C:\AVfNZAAVfNZA\x
- %APPDATA%\rat6u\x
- %APPDATA%\rat6u\gtri0.exe
- C:\AVfNZAAVfNZA\AVfNZA.vbs
- %APPDATA%\AVfNZA
- 'www.dr##box.com':443
- '17#.#75.138.146':8943
- 'localhost':1038
- DNS ASK www.dr##box.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''