Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3b9e660c36e63282eb9bca9c38e6cbfd' = '"%TEMP%\1.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '3b9e660c36e63282eb9bca9c38e6cbfd' = '"%TEMP%\1.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\3b9e660c36e63282eb9bca9c38e6cbfd.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\1.exe" "1.exe" ENABLE
- %TEMP%\1.exe
- 'localhost':4210
- DNS ASK sy####516.codns.com
- '%TEMP%\1.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\1.exe" "1.exe" ENABLE (with hidden window)