Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Security Updater' = '%ALLUSERSPROFILE%\Application Data\Programs\MicrosoftSecurityClient.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Security Updater' = '%ALLUSERSPROFILE%\Application Data\Programs\MicrosoftSecurityClient.exe'
- '%ALLUSERSPROFILE%\Application Data\Programs\Defrag.exe' ag*erhs*t me i1 1: DCc\monuseatd Snt iegt\nRsXUMNVYAAp\ipalicntDot \aoaiMlz\liaeFor\frxfPlosiced\twyg.0e8adlf uCt\ o:uDectm nns aedtSntsiUgN\YRAX\MoVaL celtSntsiAgp\ipalicntDot \aoagGeoClr\mh\oserUDet \aeaaDlf uhtt :t/pl/k1.inegio/lo/gethesis on testing application
- '%ALLUSERSPROFILE%\Application Data\Programs\Defrag.exe' ag*erhs*t me i1 1: DCc\monuseatd Snt iegt\nRsXUMNVYAAp\ipalicntDot \aoaiMlz\liaeFor\frxfPlosiced\twyg.0e8adlf uCt\ o:uDectm nns aedtSntsiUgN\YRAX\MoVaL celtSntsiAgp\ipalicntDot \aoagGeoClr\mh\oserUDet \aeaaDlf uhtt :t/pl/k1.inegio/lo/ge
- '%ALLUSERSPROFILE%\Application Data\Programs\MicrosoftSecurityClient.exe'
- <LS_APPDATA>\cg.am
- <LS_APPDATA>\nd.am
- <LS_APPDATA>\hd.am
- %ALLUSERSPROFILE%\Application Data\Programs\MicrosoftSecurityClient.exe
- %ALLUSERSPROFILE%\Application Data\Programs\advapi32.dll
- %ALLUSERSPROFILE%\Application Data\Programs\Defrag.exe
- 'localhost':1036
- ClassName: 'Indicator' WindowName: '(null)'