Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '263ffb49b96ce86233adb9a0889750ad' = '"%APPDATA%\RuntimeBroken.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '263ffb49b96ce86233adb9a0889750ad' = '"%APPDATA%\RuntimeBroken.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\263ffb49b96ce86233adb9a0889750ad.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\RuntimeBroken.exe" "RuntimeBroken.exe" ENABLE
- %APPDATA%\runtimebroken.exe
- 're#####sd.duckdns.org':2334
- DNS ASK re#####sd.duckdns.org
- '%APPDATA%\runtimebroken.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\RuntimeBroken.exe" "RuntimeBroken.exe" ENABLE' (with hidden window)