Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft® Windows® Operating System' = '%APPDATA%\rundll32.exe'
- '%APPDATA%\rundll32.exe'
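- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' --url http://lt#.###tare.com:9332 --threads 1 --userpass intrinsicboss.420:x420
  Примечание: ключи --url, --threads и --userpass не относятся к параметрам компилятора csc.exe; по виду они похожи на параметры клиента для майнинга, работающего под видом легитимного процесса .NET Framework (предположение — в тексте это прямо не указано). Для обнаружения полезно отслеживать запуск csc.exe с нехарактерной командной строкой и его исходящие сетевые соединения.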
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\d.bat" "
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
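Примечание: ниже перечислены имена процессов защитных продуктов (антивирусов и межсетевых экранов); заголовок раздела в тексте не сохранился, поэтому действие образца в отношении этих процессов здесь не указано.
- AVP.EXE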
- fsav32.exe
- outpost.exe
- smc.exe
- bdagent.exe
- zlclient.exe
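Примечание: ниже перечислены классы и заголовки окон средств мониторинга и отладки (Process Monitor, Registry Monitor, File Monitor, OllyDbg); заголовок раздела не сохранился, но такой перечень обычно означает, что образец проверяет наличие средств анализа.
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'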
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
- <Текущая директория>\d.bat
- %APPDATA%\rundll32.exe
- 'lt#.#attare.com':9332
- DNS ASK lt#.#attare.com
- ClassName: '18467-41' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'Indicator' WindowName: ''