Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Service' = 'c:\temp\SystemCare.exe'
- C:\temp\temp.jpg
- C:\temp\systemcare.exe
- C:\temp\mpr.dll
- C:\temp\temp.zip
- from C:\temp\temp.jpg to C:\temp\temp.zip
- http://me#####emawe-ru.1gb.ru/file/file_20098202116.jpg
- http://ip##pi.com/json/
- DNS ASK me#####emawe-ru.1gb.ru
- DNS ASK ip##pi.com
- 'C:\temp\systemcare.exe'
- '%WINDIR%\syswow64\cmd.exe' /C start c:\temp\SystemCare.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C start c:\temp\SystemCare.exe