Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3446dfe9b36d4caa835f3b7dc8d990fb' = '"%TEMP%\Microsoft Office.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3446dfe9b36d4caa835f3b7dc8d990fb' = '"%TEMP%\Microsoft Office.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\3446dfe9b36d4caa835f3b7dc8d990fb.exe
- '%TEMP%\txw45g.exe'
- '%TEMP%\microsoft office.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Microsoft Office.exe" "Microsoft Office.exe" ENABLE
- %TEMP%\txw45g.exe
- %TEMP%\microsoft office.exe
- 'im#####eyes.hopto.org':110
- DNS ASK im#####eyes.hopto.org
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Microsoft Office.exe" "Microsoft Office.exe" ENABLE (with hidden window)