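Техническая информация
(Заголовки разделов в этой выдержке не сохранились. Судя по содержимому строк, ниже по порядку идут: запись автозапуска в реестре, запускаемые процессы с параметрами командной строки, пути к файлам, сетевые узлы с портами, HTTP-запрос, DNS-запросы и строка с именами класса и окна. Повторы путей к файлам, по-видимому, относятся к разным разделам исходного отчёта.)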
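- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Consent UI' = '%APPDATA%\consent.exe'
  (Имя параметра и имя файла повторяют название штатного компонента UAC consent.exe, который располагается в <SYSTEM32>. Одноимённый файл в %APPDATA%, прописанный в ключе Run, — признак маскировки, который можно использовать в правиле обнаружения.)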
- '%APPDATA%\consent.exe'
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Consent UI" /t REG_SZ /d "%APPDATA%\consent.exe" /f
- '<SYSTEM32>\taskkill.exe' /f /im rundll32.exe
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\settings.dat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\cnsnt.bat" "
- '<SYSTEM32>\attrib.exe' +s +h +r "%APPDATA%\consent.exe"
- %APPDATA%\consent.exe
- %APPDATA%\settings.dat
- %APPDATA%\RUT_settings\Logs\rms_log_2017-12.html
- %TEMP%\7ZipSfx.000\cnsnt.bat
- %TEMP%\7ZipSfx.000\consent.dat
- %TEMP%\7ZipSfx.000\settings.dat
- %APPDATA%\settings.dat
- %APPDATA%\consent.exe
- 'hx#.pw':5655
- 'ru##ls.com':80
- http://ru##ls.com/utils/inet_id_notify.php?te####
- DNS ASK hx#.pw
- DNS ASK ru##ls.com
- ClassName: '' WindowName: ''