Техническая информация
- Запись автозапуска в ключе реестра Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AdVantage' = '%APPDATA%\advantage\AdVantage.exe'
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\cmd.exe' /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "<Полный путь к файлу>" (команда пять раз подряд вызывает SYSTEMINFO и затем удаляет файл по указанному пути)
- %APPDATA%\advantage\AdVantage.exe (тот же путь указан в значении 'AdVantage' ключа Run выше)
- %APPDATA%\Microsoft\Sze\hqhmp
- ClassName: '50972' WindowName: '28 656'
- ClassName: '4552' WindowName: '7 8341'
- ClassName: ' 56 6 ' WindowName: ' 4'
- ClassName: '1428 ' WindowName: ' 4'
- ClassName: '8551' WindowName: '8551'
- ClassName: ' 9 229 ' WindowName: '61'
- ClassName: '8' WindowName: ' 9 229 '
- ClassName: '1428 ' WindowName: '7'
- ClassName: '4552' WindowName: '77 4 0 '
- ClassName: '2 7090' WindowName: '7'
- ClassName: '77 2 0' WindowName: '63807 54'
- ClassName: '90' WindowName: '6 6 '
- ClassName: '2 7090' WindowName: '71 66'
- ClassName: '42126 22' WindowName: '6583 136'
- ClassName: ' 29 ' WindowName: '77 2 4'
- ClassName: '4' WindowName: '4'
- ClassName: ' 908' WindowName: '42126 22'
- ClassName: '50972' WindowName: '94'
- ClassName: ' 8 84608' WindowName: ' 91 004'
- ClassName: '505 8677 ' WindowName: '505 8677 '