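Техническая информация
Ниже индикаторы перечислены без подзаголовков исходного отчёта, в таком порядке: значение автозапуска в ключе реестра Run, файлы задач планировщика, пути к файлам (включая записи кэша CryptnetUrlCache), сетевые адреса с портами, HTTP-URL, DNS-запросы и командные строки schtasks.exe.
Закрепление в системе видно из самого списка: это значение 'RageMP131' в ключе Run и две задачи планировщика, "MPGPH131 HR" (/sc HOURLY) и "MPGPH131 LG" (/sc ONLOGON), обе с /rl HIGHEST.
Символы «#» в адресах, по-видимому, скрывают часть значения, поэтому такие строки не годятся как точные индикаторы без сверки с исходным отчётом.
Обращения к microsoft.com и URL с расширением .crt, вероятно, относятся к обычной загрузке сертификатов и сами по себе не указывают на заражение.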
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'RageMP131' = '%LOCALAPPDATA%\RageMP131\RageMP131.exe'
- <SYSTEM32>\tasks\mpgph131 hr
- <SYSTEM32>\tasks\mpgph131 lg
- %LOCALAPPDATA%\ragemp131\ragemp131.exe
- %ALLUSERSPROFILE%\mpgph131\mpgph131.exe
- %TEMP%\rage131mp.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- '19#.#33.132.74':58709
- 'ip##fo.io':443
- 'db##p.com':443
- 'pk#.goog':80
- 'microsoft.com':80
- 'ma##ind.com':80
- http://pk#.goog/gsr1/gsr1.crt
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://www.ma##ind.com/geoip/v2.1/city/me
- '19#.#33.132.74':58709
- 'ip##fo.io':443
- 'db##p.com':443
- DNS ASK ip##fo.io
- DNS ASK db##p.com
- DNS ASK pk#.goog
- DNS ASK ma##ind.com
- '%WINDIR%\syswow64\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
- '%WINDIR%\syswow64\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST