Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%WINDIR%\6A2E399EED54E9E7.exe'
- %WINDIR%\syswow64\explorer.exe
- <Current directory>\1048656.bat
- %WINDIR%\6a2e399eed54e9e7.exe
- DNS ASK so###smeth.com
- DNS ASK ul###aker.com
- DNS ASK lh####iew90film.com
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\1048656.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\syswow64\explorer.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\1048656.bat" "<Full path to file>""
- '%WINDIR%\syswow64\attrib.exe' -r -s -h "<Full path to file>"