Техническая информация
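Изменения в реестре (закрепление в системе):
- [<HKLM>\SOFTWARE\Classes\chkfile\shell\open\command] '' = '"%TEMP%\LXuR8UOjod.exe" "%1"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DataStore' = 'Rundll32 Shell32.dll,ShellExec_RunDLL %WINDIR%\SoftwareDistribution\DataStore\Logs\edb.chk'
Примечание: эти две записи следует рассматривать вместе. Значение Run открывает файл edb.chk через ShellExec_RunDLL, а команда open для класса chkfile (по-видимому, с ним связано расширение .chk) переопределена на исполняемый файл в %TEMP%. Поэтому запись автозапуска сама по себе не содержит пути к исполняемому файлу, и при проверке нужно смотреть также обработчик класса файла.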
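Изменения в брандмауэре Windows (разрешающие правила для входящих TCP-соединений на порты 54321 и 13579; имена правил InH и InS):
- <SYSTEM32>\netsh.exe advfirewall firewall add rule name=InH dir=in action=allow protocol=TCP localport=54321
- <SYSTEM32>\netsh.exe advfirewall firewall add rule name=InS dir=in action=allow protocol=TCP localport=13579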
- <SYSTEM32>\taskmgr.exe <Полный путь к вирусу>
- %TEMP%\LXuR8UOjod.exe
- ClassName: 'Indicator' WindowName: ''