Technical Information
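Registry autorun entry (a value under the HKCU Run key, which starts the listed program at user logon):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%TEMP%\RarSFX1\hkcmd.exe'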
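Files referenced under %TEMP% (the directory names match those used by 7-Zip and WinRAR self-extracting archives):
- %TEMP%\7zipsfx.000\1242015.exe
- %TEMP%\rarsfx0\738782345.exe
- %TEMP%\rarsfx0\674658.bat
- %TEMP%\rarsfx1\hkcmd.exe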
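Network activity (the host name appears to be partially masked with '#' in this report, so it cannot be used as an exact-match indicator):
- 'kj##########jjjhdkslfjjjj.chickenkiller.com':1020
- DNS ASK kj##########jjjhdkslfjjjj.chickenkiller.com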
- ClassName: 'EDIT' WindowName: ''
Command lines recorded for the sample:
- '%TEMP%\7zipsfx.000\1242015.exe' /s
- '%TEMP%\rarsfx0\738782345.exe' /NOCONSOLE -pi98574jkdhfdkjfhdkfj8476583 -d%LOCALAPPDATA%\Temp
- '%TEMP%\rarsfx1\hkcmd.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\674658.bat" "