Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'q9wuYBzACLAn9BG2' = '<Full path to file>'
- '<SYSTEM32>\cmd.exe' /c ""<Full path to file>.bat" "
- <Full path to file>.bat
- 'www.le##ona.ru':80
- http://www.le##ona.ru/index_shell.php
- DNS ASK www.le##ona.ru