Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FD9A8B412481155502147' = '%APPDATA%\2FD9A8B412481155502147\2FD9A8B412481155502147.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'
- %TEMP%\2fd9a8b412481155502147
- %APPDATA%\2fd9a8b412481155502147\2fd9a8b412481155502147.exe
- 'localhost':80
- '%APPDATA%\2fd9a8b412481155502147\2fd9a8b412481155502147.exe'