Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e0ff85d91a47f4aed75310ed1a3117e8' = '"%LOCALAPPDATA%kHpHz_aakg.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'e0ff85d91a47f4aed75310ed1a3117e8' = '"%LOCALAPPDATA%kHpHz_aakg.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%LOCALAPPDATA%kHpHz_aakg.exe" "LocalkHpHz_aakg.exe" ENABLE
- %LOCALAPPDATA%khphz_aakg.exe
- %LOCALAPPDATA%lnnbmbekwk.cetrainer
- 'al####2020.ddns.net':1177
- DNS ASK al####2020.ddns.net
- '%LOCALAPPDATA%khphz_aakg.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%LOCALAPPDATA%kHpHz_aakg.exe" "LocalkHpHz_aakg.exe" ENABLE (with hidden window)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %LOCALAPPDATA%LnnBmbeKwK.cetrainer