Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\lkhost32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\lkhost32.exe'
- <SYSTEM32>\cmd.exe /c """%TEMP%\QABj6pQ2A6m.bat"" "
- %APPDATA%\logs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\QABj6pQ2A6m.bat
- %TEMP%\XX--XX--XX.txt
- %APPDATA%\lkhost32.exe
- %APPDATA%\logs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
- 'ad###c.ath.cx':97
- DNS ASK ad###c.ath.cx
- ClassName: 'Indicator' WindowName: ''