Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c77e4a809da66e2155c0e154d4a15b8e' = '"%TEMP%\geeglo.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'c77e4a809da66e2155c0e154d4a15b8e' = '"%TEMP%\geeglo.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\c77e4a809da66e2155c0e154d4a15b8e.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\geeglo.exe" "geeglo.exe" ENABLE
- %TEMP%\geeglo.exe
- 'za####azz.myftp.biz':5555
- DNS ASK za####azz.myftp.biz
- '%TEMP%\geeglo.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\geeglo.exe" "geeglo.exe" ENABLE (with hidden window)