Техническая информация
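- Параметры автозапуска в ключах Run (HKLM — для всех пользователей, HKCU — для текущего пользователя); оба указывают на один и тот же исполняемый файл во временном каталоге:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6ae7ac431f54376da3b5ae10b253fba5' = '"%TEMP%\Lacrizeomicmek.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6ae7ac431f54376da3b5ae10b253fba5' = '"%TEMP%\Lacrizeomicmek.exe" ..'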
- %HOMEPATH%\Start Menu\Programs\Startup\6ae7ac431f54376da3b5ae10b253fba5.exe (файл в папке автозагрузки пользователя; его имя совпадает с именем параметра в ключах Run)
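- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Lacrizeomicmek.exe' = '%TEMP%\Lacrizeomicmek.exe:*:Enabled:Lacrizeomicmek.exe' (запись в списке разрешённых приложений брандмауэра Windows: файл из %TEMP% получает включённое исключение без ограничения по адресам — «*»)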
- '%TEMP%\Lacrizeomicmek.exe'
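- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Lacrizeomicmek.exe" "Lacrizeomicmek.exe" ENABLE (вызов netsh, добавляющий файл из %TEMP% в список разрешённых программ брандмауэра Windows; запуск netsh.exe с такими аргументами для файла из временного каталога — удобный признак для обнаружения)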
- %TEMP%\Lacrizeomicmek.exe
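- 'wo####.no-ip.biz':97 (узел и порт назначения; часть имени узла, по-видимому, скрыта символами «#»; no-ip.biz — домен службы динамического DNS)
- DNS ASK wo####.no-ip.biz (DNS-запрос для этого же имени узла)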
- ClassName: 'Indicator' WindowName: '(null)'