Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\crypted.exe' = '%TEMP%\crypted.exe:*:Enabled:crypted.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\crypted.exe" "crypted.exe" ENABLE
- %TEMP%\fs.settings
- %TEMP%\CDS.exe
- %TEMP%\CDS.cdd
- %TEMP%\crypted.exe
- %TEMP%\lua51.dll
- %TEMP%\lua5.1.dll
- %TEMP%\ap2.dat
- %TEMP%\ap1.dat
- %TEMP%\630_10.png
- %TEMP%\cdd.zip
- %TEMP%\c.dat
- %TEMP%\ap3.dat
- 'sa####oxie.ddns.net':1338
- DNS ASK sa####oxie.ddns.net
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\crypted.exe'
- '%TEMP%\CDS.exe'