Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AutomaticUpdate' = '%APPDATA%\Microsoft\log\AutoUpdate.exe'
- Отключает уведомления панели задач
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- '<SYSTEM32>\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- %APPDATA%\Microsoft\log\AutomaticUpdate.exe
- %TEMP%\ukwsxya
- %TEMP%\aut1.tmp
- %TEMP%\ukwsxya
- %TEMP%\aut1.tmp
- 'rg##st.net':80
- http://rg##st.net/download/8xDcgyt9X/07429996f548593bc02d50805ac1c17020b2c35d/overflow.exe
- DNS ASK rg##st.net
- ClassName: 'BUTTON' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''