Technical Information
- Autorun (Run key) value: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'abcb26a5349176ba8e20bab97459fb6a' = '"%TEMP%\a2.exe" ..'
- Autorun (Run key) value: [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'abcb26a5349176ba8e20bab97459fb6a' = '"%TEMP%\a2.exe" ..'
- Adds a Windows Firewall allowed-program exception for a2.exe: '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\a2.exe" "a2.exe" ENABLE
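- Window searched for: ClassName: 'OLLYDBG', WindowName: '' (the window class of the OllyDbg debugger; consistent with an anti-debugging check)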
- %TEMP%\a2.exe
- Network endpoint (IP address partially masked with '##' as published): '31.##1.209.216':1177
- '%TEMP%\a2.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\a2.exe" "a2.exe" ENABLE (with hidden window)