Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{EM9VND9-7WYI-MY89-L6L5-DTSDH624QGBV}' = '"%APPDATA%\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_...
- from <Full path to file> to %APPDATA%\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_ebf6cbd3707493e5\cnvfat.exe
- DNS ASK yi#.su
- '<SYSTEM32>\cmd.exe' /c icacls "%APPDATA%\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_hu-hu_ebf6cbd3707493e5" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%APPDATA%\x86_...' (with hidden window)