Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '24b1287e54b16dcb7c4575d19f2db976' = '"%APPDATA%\taskmgr.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '24b1287e54b16dcb7c4575d19f2db976' = '"%APPDATA%\taskmgr.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\taskmgr.exe" "taskmgr.exe" ENABLE
- %APPDATA%\taskmgr.exe
- 'pr#####er.servehttp.com':4444
- DNS ASK pr#####er.servehttp.com
- '%APPDATA%\taskmgr.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\taskmgr.exe" "taskmgr.exe" ENABLE' (with hidden window)