Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WinRAR-Extracter' = '%TEMP%\WinRAR\WinRAR-Extracter.vbs'
- winrar-extracter.exe
- %TEMP%\winrar\winrar-extracter.exe
- %TEMP%\winrar\winrar-extracter.vbs
- %TEMP%\winrar\settings.ini
- %TEMP%\winrar\settings.ini
- DNS ASK xm##host.ru
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\WinRAR\WinRAR-Extracter.vbs"
- '%TEMP%\winrar\winrar-extracter.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\WinRAR\WinRAR-Extracter.vbs" (со скрытым окном)