Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\axl.lnk
- <SYSTEM32>\tasks\home lan application
- '%TEMP%\9495:y9736'
- <SYSTEM32>\svchost.exe
- %TEMP%\1901839321.txt
- %TEMP%\9495:y9736
- %PROGRAMDATA%\поааз.exe
- %APPDATA%\homelan\9497:y9938
- %PROGRAMDATA%\поааз.exe
- %APPDATA%\homelan\9497:y9938
- %APPDATA%\homelan\9497:y9938
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Process -NoNewWindow -FilePath "%TEMP%\9495:y9736"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Process -NoNewWindow -FilePath "%TEMP%\9495:y9736"' (with hidden window)
- '<SYSTEM32>\svchost.exe' ' (with hidden window)
- '<SYSTEM32>\svchost.exe'