Техническая информация
Значения реестра в ключах автозапуска (Run/RunServices), указывающие на 'service.exe':
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'servicemanager' = 'service.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'servicemanager' = 'service.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'servicemanager' = 'service.exe'
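Командные строки процессов (последняя добавляет в брандмауэр Windows разрешение для программы RIOTBOT.exe):
- '<SYSTEM32>\service.exe' 320 "%TEMP%\798.exe"
- '%TEMP%\798.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram RIOTBOT.exe RIOTBOT ENABLE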
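Файлы (каждый путь указан дважды — вероятно, под разными заголовками разделов, которые не сохранились в тексте):
- <SYSTEM32>\service.exe
- %TEMP%\798.exe
- <SYSTEM32>\service.exe
- %TEMP%\798.exe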
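Сетевая активность (символы '#' в имени узла, по-видимому, являются маскировкой в исходном тексте; порт 6667 обычно используется протоколом IRC):
- 'ir#.##zteberabim.de':6667
- DNS ASK ir#.##zteberabim.de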
- ClassName: 'Indicator' WindowName: '(null)'