Техническая информация
Ключи автозапуска (Run) в реестре — указанная программа запускается при входе пользователя в систему:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fb97bd6e46b04530f55c2aae29ab1dc4' = '"%TEMP%\Paintoolsaimainframe.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fb97bd6e46b04530f55c2aae29ab1dc4' = '"%TEMP%\Paintoolsaimainframe.exe" ..'
Брандмауэр Windows — файл внесён в список разрешённых приложений (запись реестра и соответствующая команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Paintoolsaimainframe.exe' = '%TEMP%\Paintoolsaimainframe.exe:*:...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Paintoolsaimainframe.exe" "Paintoolsaimainframe.exe" ENABLE
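Файлы в файловой системе, перечисленные в отчёте (<LS_APPDATA> — по-видимому, локальный каталог данных приложений пользователя; %TEMP% — временный каталог):
- <LS_APPDATA>\vnc.exe
- <LS_APPDATA>\sai-1.2.5-ful-en.exe
- <LS_APPDATA>\notepad.exe
- <LS_APPDATA>\lXyUiw
- %TEMP%\Paintoolsaimainframe.exe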
Сетевой адрес и порт (часть IP-адреса скрыта символами ## в самом отчёте):
- '24.##9.59.118':5552
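Исполняемые файлы, по-видимому запускаемые образцом (пути совпадают с перечисленными выше файлами):
- '<LS_APPDATA>\vnc.exe'
- '<LS_APPDATA>\sai-1.2.5-ful-en.exe'
- '%TEMP%\Paintoolsaimainframe.exe'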
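Команды, добавляющие в ключ автозапуска текущего пользователя (HKCU\...\Run) значение notepad.exe; имя совпадает с именем системного «Блокнота», но путь указывает на файл в <LS_APPDATA>, а не в системном каталоге:
- '<SYSTEM32>\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V notepad.exe /T REG_SZ /D <LS_APPDATA>\notepad.exe
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V notepad.exe /T REG_SZ /D <LS_APPDATA>\notepad.exe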