Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '120551f8b5b56de50e3f88f9a9b9edd2' = '"%PROGRAMDATA%\smmgr.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '120551f8b5b56de50e3f88f9a9b9edd2' = '"%PROGRAMDATA%\smmgr.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\120551f8b5b56de50e3f88f9a9b9edd2.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\smmgr.exe" "smmgr.exe" ENABLE
- smmgr.exe
- %PROGRAMDATA%\smmgr.exe
- 'ch###als.kro.kr':5553
- DNS ASK ch###als.kro.kr
- '%PROGRAMDATA%\smmgr.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\smmgr.exe" "smmgr.exe" ENABLE (with hidden window)