Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'l' = '%HOMEPATH%\l.hta'
- ieinstal.exe
- %HOMEPATH%\l\lsex.exe
- %HOMEPATH%\l.hta
- %HOMEPATH%\l.vbs
- C:\users\public\clean.bat
- C:\users\public\sspicli.dll
- C:\users\public\perfmon.exe
- C:\users\public\runex.bat
- %APPDATA%\remcos\logs.dat
- C:\users\public\clean.bat
- C:\users\public\sspicli.dll
- C:\users\public\runex.bat
- C:\users\public\perfmon.exe
- 'xc###.ddns.net':4802
- DNS ASK xc###.ddns.net
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'