Technical Information
- User Account Control (UAC)
- '<SYSTEM32>\taskkill.exe' /f /im rutserv.exe
- '<SYSTEM32>\taskkill.exe' /IM 1.exe /T /F
- '<SYSTEM32>\taskkill.exe' /f /im Rar.exe
- C:\rdp\Rar.exe
- C:\rdp\db.rar
- %TEMP%\RarSFX0\R.vbs
- C:\rdp\run.vbs
- C:\rdp\pause.bat
- C:\Programdata\Microsoft\TaskList\whitelist.cfg
- C:\Programdata\Microsoft\TaskList\folders.cfg
- %TEMP%\F.tmp\10.bat
- C:\Programdata\Microsoft\TaskList\System.exe
- %TEMP%\RarSFX0\M.exe
- C:\Programdata\Install\st.bat
- C:\Programdata\Microsoft\temp\Clean.bat
- %TEMP%\autE.tmp
- C:\Programdata\Microsoft\temp\5.xml
- C:\Programdata\Install\R.exe
- C:\Programdata\Microsoft\temp\Clean.vbs
- C:\Programdata\Install\st.vbs
- C:\Programdata\Microsoft\temp\H.bat
- C:\Programdata\Microsoft\temp\Temp.bat
- %TEMP%\aut12.tmp
- C:\Programdata\Microsoft\Intel\Vegas.exe
- C:\Programdata\Microsoft\Intel\Cheat32.exe
- C:\Programdata\Windows\install.vbs
- C:\Programdata\Microsoft\rootsystem\1.exe
- C:\Programdata\Microsoft\Intel\OS.bat
- %TEMP%\dw.log
- %TEMP%\499FA.dmp
- %TEMP%\13.tmp\14.bat
- C:\Programdata\Microsoft\rootsystem\passwords.txt
- C:\Programdata\Microsoft\Intel\Cheat64.exe
- C:\Programdata\Windows\rfusclient.exe
- C:\Programdata\Microsoft\rootsystem\P.exe
- C:\Programdata\Microsoft\Intel\Vegas.sfx.exe
- C:\Programdata\Windows\install.bat
- C:\Programdata\Microsoft\rootsystem\P.vbs
- C:\Programdata\Windows\vp8encoder.dll
- C:\Programdata\Windows\regedit.reg
- C:\Programdata\Windows\rutserv.exe
- C:\Programdata\Windows\vp8decoder.dll
- C:\Programdata\Microsoft\Intel\inet.exe
- C:\Programdata\Microsoft\Intel\smss64.exe
- %TEMP%\aut6.tmp
- C:\Programdata\WindowsTask\OpenCL.DLL
- C:\Programdata\Microsoft\Intel\L.bat
- C:\Programdata\Microsoft\Intel\REG.VBS
- C:\Programdata\Microsoft\Intel\MOS.exe
- C:\Programdata\Microsoft\Intel\fake.vbs
- C:\Programdata\Microsoft\Intel\test.reg
- C:\Programdata\System32\logs\svchost.exe
- %TEMP%\aut2.tmp
- C:\Programdata\Microsoft\Intel\winit.exe
- %TEMP%\aut1.tmp
- C:\Programdata\Microsoft\Intel\Cheat.exe
- %TEMP%\aut3.tmp
- C:\Programdata\Microsoft\Check\Check.txt
- %TEMP%\aut5.tmp
- C:\Programdata\Microsoft\Intel\Logs.exe
- %TEMP%\aut4.tmp
- C:\Programdata\Microsoft\Intel\P.exe
- %TEMP%\aut9.tmp
- C:\Programdata\SystemIdle.exe
- %TEMP%\aut8.tmp
- C:\Programdata\Iostream.exe
- %TEMP%\autA.tmp
- %TEMP%\autC.tmp
- %TEMP%\autD.tmp
- C:\Programdata\System Idle.exe
- %TEMP%\autB.tmp
- C:\Programdata\olly.exe
- C:\Programdata\Microsoft\Intel\svchost.exe
- C:\Programdata\Microsoft\Intel\System.exe
- C:\Programdata\Microsoft\Intel\R.exe
- C:\Programdata\Microsoft\Intel\R8.exe
- C:\Programdata\Microsoft\Intel\taskhost.exe
- C:\Programdata\Microsoft\Intel\winlogon.exe
- %TEMP%\aut7.tmp
- C:\Programdata\Microsoft\Intel\Temp.exe
- C:\Programdata\Microsoft\Intel\Vega.exe
- %TEMP%\autB.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autC.tmp
- %TEMP%\aut12.tmp
- %TEMP%\autE.tmp
- %TEMP%\autD.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- 'C:\Programdata\Microsoft\TaskList\System.exe'
- 'C:\Programdata\Microsoft\Intel\P.exe'
- 'C:\Programdata\Microsoft\Intel\Vegas.sfx.exe' -p123
- 'C:\Programdata\Microsoft\Intel\Vega.exe'
- 'C:\Programdata\Microsoft\Intel\System.exe'
- '<SYSTEM32>\wscript.exe' "C:\rdp\run.vbs"
- 'C:\Programdata\Install\R.exe' -p123
- 'C:\Programdata\Microsoft\Intel\Vegas.exe'
- '<SYSTEM32>\wscript.exe' "c:\Programdata\Windows\Install.vbs"
- 'C:\Programdata\Microsoft\rootsystem\1.exe' /LoadPasswordsIE=1 /LoadPasswordsFirefox=1 /LoadPasswordsChrome=1 /LoadPasswordsOpera=1 /LoadPasswordsSafari=1 /LoadPasswordsSeaMonkey=1 /LoadPasswordsYandex=1 /stext passwords.txt
- '<SYSTEM32>\wscript.exe' "c:\programdata\microsoft\rootsystem\P.vbs"
- '%TEMP%\RarSFX0\M.exe'
- 'C:\Programdata\Microsoft\rootsystem\P.exe'
- 'C:\Programdata\Microsoft\Intel\taskhost.exe'
- '<SYSTEM32>\wscript.exe' "c:\programdata\microsoft\intel\REG.vbs"
- 'C:\Programdata\Microsoft\Intel\Cheat.exe' -p123
- 'C:\Programdata\Microsoft\Intel\svchost.exe'
- '<SYSTEM32>\wscript.exe' "c:\programdata\microsoft\intel\fake.vbs"
- 'C:\Programdata\Microsoft\Intel\winit.exe' -p123
- 'C:\Programdata\Microsoft\Intel\Logs.exe' -p123
- 'C:\Programdata\Microsoft\Intel\inet.exe'
- '<SYSTEM32>\wscript.exe' "c:\programdata\microsoft\temp\Clean.vbs"
- 'C:\Programdata\Microsoft\Intel\R8.exe'
- 'C:\Programdata\Microsoft\Intel\winlogon.exe'
- '<SYSTEM32>\wscript.exe' "C:\Programdata\Install\st.vbs"
- 'C:\Programdata\Microsoft\Intel\Temp.exe'
- 'C:\Programdata\Microsoft\Intel\R.exe'
- 'C:\Programdata\Microsoft\Intel\MOS.exe'
- '<SYSTEM32>\cmd.exe' /c c:\programdata\microsoft\rootsystem\1.exe /LoadPasswordsIE=1 /LoadPasswordsFirefox=1 /LoadPasswordsChrome=1 /LoadPasswordsOpera=1 /LoadPasswordsSafari=1 /LoadPasswordsSeaMonkey=1 /LoadPasswo...
- '<SYSTEM32>\cmd.exe' /c ""c:\ProgramData\microsoft\Temp\Clean.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\13.tmp\14.bat" c:\Programdata\Microsoft\Intel\Vegas.exe"
- '<SYSTEM32>\cmd.exe' /c ""c:\Programdata\Windows\install.bat" "
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 548
- '<SYSTEM32>\sc.exe' delete swprv
- '<SYSTEM32>\cmd.exe' /c C:\programdata\microsoft\temp\Temp.bat
- '<SYSTEM32>\cmd.exe' /c ""c:\ProgramData\Install\st.bat" "
- '%WINDIR%\regedit.exe' /s C:\ProgramData\Microsoft\Intel\test.reg
- '<SYSTEM32>\cmd.exe' /c ""c:\programdata\microsoft\intel\L.bat" "
- '<SYSTEM32>\cmd.exe' /c C:\programdata\microsoft\temp\H.bat
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\F.tmp\10.bat" C:\ProgramData\Microsoft\Intel\winlogon.exe"
- '<SYSTEM32>\cmd.exe' /c ""C:\rdp\pause.bat" "