Техническая информация (наблюдаемые действия и индикаторы: запускаемые процессы, изменения в реестре, файлы, окна)
- '%APPDATA%\fxcorp.exe'
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\fxcorp.exe"
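- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "03ff8741-0b3a-4dfd-94c7-5081bc02e0f2" /t REG_SZ /d "%APPDATA%\fxcorp.exe" & exit
  (эта команда добавляет в ключ автозапуска Run в HKLM значение с именем 03ff8741-0b3a-4dfd-94c7-5081bc02e0f2, указывающее на %APPDATA%\fxcorp.exe, то есть файл будет запускаться при входе пользователя в систему; при проверке системы наличие этого значения — признак закрепления)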
- fxcorp.exe
- %APPDATA%\vp8encoder.dll
- %APPDATA%\rutserv.exe
- %APPDATA%\fxcorp.exe
- %APPDATA%\fxcorp.exe
- ClassName: '' WindowName: 'RMS_WND_HID'