Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Monochordist' = '%TEMP%\Pack3.exe'
- %WINDIR%\Tasks\Monochordist.job
- %WINDIR%\win.ini
- <SYSTEM32>\svchost.exe
- %APPDATA%\sounds.dat
- %TEMP%\Pack3.exe
- %TEMP%\~DF5AE5.tmp
- %APPDATA%\sounds.dat
- 'gr###.punkdns.top':7070
- 'gr###.punkdns.top':5050
- DNS ASK gr###.punkdns.top
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Monochordist" /f /t REG_SZ /d "%TEMP%\Pack3.exe
- '<SYSTEM32>\schtasks.exe' /Create /SC HOURLY /MO 12 /TN "Monochordist" /TR "reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "\""Monochordist"\"" /f /t REG_SZ /d "\""%TEMP%\Pack3.exe" /RU SYSTEM
- '<SYSTEM32>\schtasks.exe' /run /tn "Monochordist"