Technical Information
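- Run-key autorun entries (machine-wide HKLM and per-user HKCU), both pointing at the same executable under the same value name:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8ecf08dafafccf04a30d7b0ebc6da488' = '"%APPDATA%\TEMP.Exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8ecf08dafafccf04a30d7b0ebc6da488' = '"%APPDATA%\TEMP.Exe" ..'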
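- Windows Firewall authorized-applications entry (StandardProfile) for the same executable, enabled with scope '*':
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\TEMP.Exe' = '%APPDATA%\TEMP.Exe:*:Enabled:TEMP.Exe'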
- '%APPDATA%\TEMP.Exe'
- netsh command line that adds the same executable as an allowed program in the firewall:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\TEMP.Exe" "TEMP.Exe" ENABLE
- %APPDATA%\TEMP.Exe
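- Network endpoint as host:port (the hostname is partially masked with '#' on this page; myftp.biz is a dynamic-DNS domain):
- 'yo#####beeh.myftp.biz':1177
- DNS query (DNS ASK): yo#####beeh.myftp.biz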