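Техническая информация
Ниже перечислены наблюдаемые следы работы образца: записи автозапуска в ключах реестра Run и файл в папке автозагрузки (Startup), разрешающее правило брандмауэра Windows для «System x32.exe» (запись в реестре и вызов netsh.exe), создание задач планировщика через schtasks.exe из XML-файлов в %TEMP%, файлы в каталоге %TEMP%, а также DNS-запрос и соединение с узлом в домене no-ip.org на порту 1177.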
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'e87266aae0fc2bd88f4730e58eeff627' = '"%TEMP%\System x32.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e87266aae0fc2bd88f4730e58eeff627' = '"%TEMP%\System x32.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\e87266aae0fc2bd88f4730e58eeff627.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\System x32.exe' = '%TEMP%\System x32.exe:*:Enabled:System x32.e...
- '%TEMP%\System x32.exe'
- '%TEMP%\System x32.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\System x32.exe" "System x32.exe" ENABLE
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\system x32" /XML "%TEMP%\aAAAAA.xml"
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\system x32" /XML "%TEMP%\alllll.xml"
- %TEMP%\System x32.exe
- %TEMP%\alllll.xml
- %TEMP%\system x32
- %TEMP%\aAAAAA.xml
- %TEMP%\alllll.xml
- %TEMP%\aAAAAA.xml
- 'si#####o84.no-ip.org':1177
- DNS ASK si#####o84.no-ip.org
- ClassName: 'Indicator' WindowName: ''