Technical Information
- [<HKLM>\System\CurrentControlSet\Services\targetsshext] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\targetsshext] 'ImagePath' = '"%WINDIR%\SysWOW64\targetsshext.exe"'
- '%TEMP%\li5rxdmen.exe'
- '%WINDIR%\syswow64\targetsshext.exe'
- %TEMP%\li5rxdmen.exe
- from %TEMP%\li5rxdmen.exe to %WINDIR%\syswow64\targetsshext.exe
- '70.##4.112.55':80
- 'kh###buiads.com':443
- DNS ASK ya####ucilingir.com
- DNS ASK kh###buiads.com