Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winex' = '%APPDATA%\Windows\AutoUpdate.exe'
- Hides taskbar notifications
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- %TEMP%\aut1.tmp
- %TEMP%\zygkijk
- %TEMP%\aut2.tmp
- %APPDATA%\Windows\winex.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\despacito[1].file
- %APPDATA%\Windows\pass.exe
- %APPDATA%\Windows\Passwords.txt
- %TEMP%\aut1.tmp
- %TEMP%\zygkijk
- %TEMP%\aut2.tmp
- '62.##8.34.115':80
- http://62.##8.34.115/despacito.file
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe'
- '<SYSTEM32>\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\Windows\pass.exe all