Keyword: unixliona1
schtasks /create /tn WindowsRecoveryCleaner /tr "%All Users Profile%\Iostream.exe" /st 00:00 /sc daily /du 9999:59 /ri 1 /f (Note: %All Users Profile% is the common user's profile folder, which is usually C:
"\xf4\xa2\xc5\xf9\x13g\x85x\xeb\xf9sk\x03\xb6G3\x07\x80\xd19O\x15\xabd\xfbO8\xd0p(S" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft
" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software
\x8e\xd5\x01" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1
{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER
\xd5\x01" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1
\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager
" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft
\Classes\ Wow6432Node\CLSID\{{GUID}}\ MiscStatus (Default) = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Wow6432Node\CLSID\{{GUID}}\ MiscStatus\1 (Default) = "131473" HKEY_LOCAL_MACHINE\SOFTWARE\Classes
\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft
}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software
\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFilesHash =
\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFilesHash = "{random
\x01" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1
\Microsoft\ Windows\CurrentVersion\Uninstall\ WinPro NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ WinPro NoRepair = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\
{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\FCTB000060231 It adds the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ PlaySushi autoupd = "1" HKEY_CURRENT_USER\Software\AppDataLow
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.