Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'b235349557d5f5ff0f93a789e1fee237' = '"%APPDATA%\Local.exe" ..'
- [<HKLM>\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'b235349557d5f5ff0f93a789e1fee237' = '"%APPDATA%\Local.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\b235349557d5f5ff0f93a789e1fee237.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Local.exe" "Local.exe" ENABLE
- %APPDATA%\local.exe
- '0.###.ngrok.io':19314
- DNS ASK 0.###.ngrok.io
- '%APPDATA%\local.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Local.exe" "Local.exe" ENABLE (with hidden window)