Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\System.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\System.URL
- %HOMEPATH%\Start Menu\Programs\Startup\System.js
- %HOMEPATH%\Start Menu\Programs\Startup\System.exe
- %HOMEPATH%\Start Menu\Programs\Startup\System.vbs
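- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe (штатная утилита .NET Framework; наличие файла по этому пути само по себе не является индикатором заражения — значим только факт её запуска в связке с остальными записями списка)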
- %TEMP%\vbc1.tmp
- %TEMP%\sb4eeor1.out
- %TEMP%\RES3.tmp
- %TEMP%\vbc2.tmp
- %TEMP%\sb4eeor1.cmdline
- %APPDATA%\System.exe
- %TEMP%\GVoqqNLCGR.txt
- %TEMP%\sb4eeor1.0.vb
- C:\RevengeRAT\Client.exe
- C:\RevengeRAT\Client.exe
- %HOMEPATH%\Start Menu\Programs\Startup\System.exe
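- 'pr#####er930.ddns.net':1177 (часть имени узла в источнике скрыта символами #, поэтому для точного сопоставления по домену запись непригодна; ddns.net — зона динамического DNS, и IP-адрес за таким именем может меняться)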
- DNS ASK pr#####er930.ddns.net
- '%APPDATA%\System.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3.tmp" "%TEMP%\vbc2.tmp"
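- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\sb4eeor1.cmdline" (vbc.exe и cvtres.exe — штатные инструменты компилятора Visual Basic из состава .NET Framework; показателен не сам файл, а запуск компилятора с файлом параметров из %TEMP%; имя sb4eeor1, по-видимому, сгенерировано случайно и от запуска к запуску может отличаться)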
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe'