Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '9ca956fece9e62238522588e1fa0317a' = '"%TEMP%\win.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '9ca956fece9e62238522588e1fa0317a' = '"%TEMP%\win.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\win.exe" "win.exe" ENABLE
- %TEMP%\win.exe
- 'bl####ser.zapto.org':7171
- DNS ASK bl####ser.zapto.org
- '%TEMP%\win.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\win.exe" "win.exe" ENABLE (with hidden window)