Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SysHelper' = '"<LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c\<File name>.exe" --AutoStart'
- <SYSTEM32>\tasks\time trigger task
- <LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c\<File name>.exe
- DNS ASK ap#.2ip.ua
- DNS ASK de##1.ug
- '<LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c\<File name>.exe' --Task
- '%WINDIR%\syswow64\icacls.exe' "<LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c" /deny *S-1-1-0:(OI)(CI)(DE,DC)' (with hidden window)
- '<LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c\<File name>.exe' --Task' (with hidden window)
- '%WINDIR%\syswow64\icacls.exe' "<LS_APPDATA>\459066ef-f0cf-4d5d-8c2c-0c0edf22007c" /deny *S-1-1-0:(OI)(CI)(DE,DC)
- '<SYSTEM32>\taskeng.exe' {88BD5D6E-43BA-442A-B865-F515D31694DA} S-1-5-21-1960123792-2022915161-3775307078-1001:vzmnqqgbsbmf\user:Interactive:[1]