Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NXLun' = '%APPDATA%\NXLun\NXLun.exe'
- <SYSTEM32>\tasks\updates\xnpcqygh
- %APPDATA%\xnpcqygh.exe
- %TEMP%\tmp52e.tmp
- %APPDATA%\nxlun\nxlun.exe
- %APPDATA%\xnpcqygh.exe
- %TEMP%\tmp52e.tmp
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%\xnPcqYGH.exe"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%\xnPcqYGH.exe" (with hidden window; this adds the file to the Microsoft Defender scan exclusions)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\xnPcqYGH" /XML "%TEMP%\tmp52E.tmp" (with hidden window; this registers a scheduled task from the XML definition in %TEMP%)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\xnPcqYGH" /XML "%TEMP%\tmp52E.tmp"