Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '154ea1e46976fcbf79c75a02532d71ba' = '"%APPDATA%\server.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '154ea1e46976fcbf79c75a02532d71ba' = '"%APPDATA%\server.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\server.exe" "server.exe" ENABLE
- %TEMP%\adobe\updates\tool qm6wr private v1.exe
- %TEMP%\adobe\updates\llk2.exe
- %TEMP%\adobe\updates\ps3lib.dll
- %TEMP%\adobe\updates\metroframework.dll
- %APPDATA%\server.exe
- http://wa#####.gravityheberge.com/megosa/system/Windows.exe
- DNS ASK bo#####e.pattiserie.eu
- DNS ASK wa#####.gravityheberge.com
- DNS ASK cq####22.ddns.net
- '%TEMP%\adobe\updates\tool qm6wr private v1.exe'
- '%TEMP%\adobe\updates\llk2.exe'
- '%APPDATA%\server.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\server.exe" "server.exe" ENABLE' (with hidden window)