Technical Information
Registry values set so that the file starts automatically (autorun persistence):
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'windows' = '%APPDATA%\Install\Host.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}] 'StubPath' = '"%APPDATA%\Install\Host.exe"'
- host.exe
- %APPDATA%\install\host.exe
- %TEMP%\ekmia8g8c.bat
- %APPDATA%\install\host.exe
- '%APPDATA%\install\host.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\eKMia8g8c.bat" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\eKMia8g8c.bat"
- '%WINDIR%\syswow64\ping.exe' 192.0.2.2 -n 1 -w 3000
- '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\eKMia8g8c.bat"