Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%WINDIR%\@@@\WIN32.EXE'
- '%WINDIR%\syswow64\net.exe' stop sharedaccess
- %WINDIR%\vin32log.dat
- %WINDIR%\@@@\win32.exe
- %WINDIR%\@@@\___.exe
- %WINDIR%\@@@\mydll.dll
- %WINDIR%\@@@\tue_oct_20_2020_-_.txt
- %WINDIR%\@@@\win32.exe
- %WINDIR%\@@@\___.exe
- 'mx#.#otmail.com':25
- DNS ASK mx#.#otmail.com
- '%WINDIR%\@@@\win32.exe' "<Full path to file>"
- '%WINDIR%\syswow64\net.exe' stop sharedaccess (with hidden window)
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' -nohome (with hidden window)
- '%WINDIR%\syswow64\net1.exe' stop sharedaccess
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' -nohome
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%ProgramFiles(x86)%\internet exp...