Техническая информация
- %WINDIR%\tasks\shiftmaster.job (файл задания Планировщика задач Windows)
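- [<HKLM>\System\CurrentControlSet\Services\Supportive Team] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Supportive Team] 'ImagePath' = '%APPDATA%\Supportive Team\Supportive Team.exe' (исполняемый файл службы находится в каталоге профиля пользователя)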
- %APPDATA%\supportive team\supportive team.exe
- %ALLUSERSPROFILE%\application data\{8dd36ab4-2fce-49e3-8dd3-36ab42fcaad0}\<Имя файла>.exe
- %ALLUSERSPROFILE%\application data\{8dd36ab4-2fce-49e3-8dd3-36ab42fcaad0}\<Имя файла>.dat
- %APPDATA%\supportive team\fba00.dat
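- DNS ASK gr###model.biz (символ # недопустим в именах доменов; в этой и следующих записях он, по-видимому, заменяет скрытые символы, поэтому для сопоставления по точному совпадению записи непригодны)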
- DNS ASK al####el-pro.com
- DNS ASK ce####-ring.link
- DNS ASK ri###ynorth.biz
- '%APPDATA%\supportive team\supportive team.exe'