Техническая информация
- %TEMP%\taskmgr.exe
- %TEMP%\Script.txt
- %TEMP%\RegisterKey.exe
- %TEMP%\tfvvv
- <SYSTEM32>\Client.exe
- %TEMP%\taskmgr.exe
- <SYSTEM32>\Client.exe
- 'bl######sec.serveirc.com':1515 (подключение к узлу, порт 1515)
- DNS ASK bl######sec.serveirc.com (DNS-запрос для разрешения этого же имени)
- '%TEMP%\taskmgr.exe'
- '<SYSTEM32>\Client.exe'
- '<SYSTEM32>\notepad.exe' %TEMP%\Script.txt
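- '<SYSTEM32>\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V RegisterKey.exe /T REG_SZ /D %TEMP%\RegisterKey.exe (запись в раздел автозапуска Run текущего пользователя: %TEMP%\RegisterKey.exe будет запускаться при входе в систему)
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V RegisterKey.exe /T REG_SZ /D %TEMP%\RegisterKey.exe (та же запись в раздел Run, выполняемая утилитой reg.exe)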