Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'NetWire' = '%APPDATA%\Install\Host.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'NetWire' = '<Full path to file>'
- host.exe
- %TEMP%\dist-10930[919877].pdf
- %APPDATA%\install\host.exe
- %APPDATA%\install\host.exe
- '43.##6.229.43':2030
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- '%APPDATA%\install\host.exe'
- '%APPDATA%\install\host.exe' 2 2732 1163390
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\DIST-10930[919877].pdf"