Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'System Binary Files' = 'cmd /c "start "System Binary Files" "%ProgramFiles%\Game Exploit by AmazChavez42\sysbin.exe"'
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "System Binary Files" /d "cmd /c """start """System Binary Files""" """%ProgramFiles%\Game Exploit by AmazChavez42\sysbin.exe""""...
- '<SYSTEM32>\schtasks.exe' /create /tn "System Binary Files" /tr "'%ProgramFiles%\Game Exploit by AmazChavez42\sysbin.exe' /startup" /sc MINUTE /f /rl highest
- <SYSTEM32>\schtasks.exe
- %APPDATA%\Monitor\Screenshots\03-22-2017\12.12 PM
- из <Полный путь к файлу> в %ProgramFiles%\Game Exploit by AmazChavez42\sysbin.exe
- '10#.#1.174.127':42042
- 'my######got.strangled.net':42042
- DNS ASK my######got.strangled.net