Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Security notification' = '%APPDATA%\Windows Security notification.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows security notification.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows security notification.lnk
- <SYSTEM32>\tasks\windows security notification.exe
- %TEMP%\setup.exe
- %TEMP%\rebg.exe
- %TEMP%\is-gtlj5.tmp\setup.tmp
- %TEMP%\is-07sad.tmp\_isetup\_setup64.tmp
- %APPDATA%\windows security notification.exe
- %TEMP%\rebg.exe
- %APPDATA%\windows security notification.exe
- 'te###.linkpc.net':333
- 'te###.hopto.org':333
- DNS ASK te###.linkpc.net
- DNS ASK te###.hopto.org
- '%TEMP%\rebg.exe'
- '%TEMP%\setup.exe'
- '%TEMP%\is-gtlj5.tmp\setup.tmp' /SL5="$60240,5179847,721408,%TEMP%\Setup.exe"
- '%APPDATA%\windows security notification.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 5 /tn "Windows Security notification.exe" /tr "%APPDATA%\Windows Security notification.exe" (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 5 /tn "Windows Security notification.exe" /tr "%APPDATA%\Windows Security notification.exe"