Техническая информация
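Записи реестра, обеспечивающие автозапуск (закрепление в системе):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'frm_brandrith' = 'wscript "%HOMEPATH%\frm_Ransler3\frm_docosanoic.vbs"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DarkComet RAT' = '%HOMEPATH%\Documents\DCSCMIN\IMDCSC.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\Documents\DCSCMIN\IMDCSC.exe'
  Примечание: штатное значение UserInit содержит только '<SYSTEM32>\userinit.exe,'. Здесь после запятой дописан путь к IMDCSC.exe, поэтому файл запускается при каждом входе пользователя в систему. При очистке значение следует вернуть к штатному, а не удалять параметр целиком: без userinit.exe вход в систему будет нарушен.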
- %WINDIR%\win.ini
- frm_docosanoic.exe
- imdcsc.exe
- %HOMEPATH%\frm_ransler3\frm_docosanoic.exe
- %HOMEPATH%\frm_ransler3\frm_docosanoic.vbs
- %HOMEPATH%\documents\dcscmin\imdcsc.exe
- '%HOMEPATH%\frm_ransler3\frm_docosanoic.exe'
- '%HOMEPATH%\documents\dcscmin\imdcsc.exe'