Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\lSqt0SZ.sys'
- NtOpenProcess, handler: lSqt0SZ.sys
- <SYSTEM32>\zu-ZA2\іхКј»ЇК§°ЬґтїЄОТ.bat
- %TEMP%\lSqt0SZ.sys
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\zu-ZA2\іхКј»ЇК§°ЬґтїЄОТ.bat
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /t REG_BINARY /d 4600000000 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /t REG_BINARY /d 4600000000 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f