Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1PTBITWC-XHMG-OR6A-AXPT-YV4JUVAISDQ1}] 'StubPath' = '%APPDATA%\lmhost32.exe'
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{1PTBITWC-XHMG-OR6A-AXPT-YV4JUVAISDQ1}] 'StubPath' = '%APPDATA%\lmhost32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '60sgPWFMxIzEG' = '%APPDATA%\lmhost32.exe'
- <SYSTEM32>\cmd.exe /c """%TEMP%\Mt6VAheep.bat"" "
- %APPDATA%\logs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\Mt6VAheep.bat
- %TEMP%\XX--XX--XX.txt
- %APPDATA%\lmhost32.exe
- %APPDATA%\logs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
- 'bn###s.ath.cx':98
- DNS ASK bn###s.ath.cx
- ClassName: 'Indicator' WindowName: ''