Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'd8caba773aa19a38ce17286811c764c6' = '"%TEMP%\TestApp.exe" ..'
- [<HKLM>\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'd8caba773aa19a38ce17286811c764c6' = '"%TEMP%\TestApp.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\d8caba773aa19a38ce17286811c764c6.exe
- hidden files
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\TestApp.exe" "TestApp.exe" ENABLE
- %TEMP%\testapp.exe
- %TEMP%\testapp.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\d8caba773aa19a38ce17286811c764c6.exe
- 'az######syqfnbjm.myvnc.com':5551
- DNS ASK az######syqfnbjm.myvnc.com
- '%TEMP%\testapp.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\TestApp.exe" "TestApp.exe" ENABLE (with hidden window)