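Technical Information
The entries below appear without their section labels: a registry Run-key autorun value, file and process paths, a network endpoint (the address appears partly masked), and the command lines that were run.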
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GFI' = '%ProgramFiles(x86)%\GFI\efax.exe'
- %WINDIR%\syswow64\svchost.exe
- %ProgramFiles(x86)%\gfi\efax.exe
- '10#.#48.150.119':443
- '%ProgramFiles(x86)%\gfi\efax.exe'
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%ProgramFiles(x86)%\GFI\efax.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c, "%ProgramFiles(x86)%\GFI\efax.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "GFI" /t REG_SZ /d "%ProgramFiles(x86)%\GFI\efax.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%ProgramFiles(x86)%\GFI\efax.exe"
- '%WINDIR%\syswow64\cmd.exe' /c, "%ProgramFiles(x86)%\GFI\efax.exe"
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "GFI" /t REG_SZ /d "%ProgramFiles(x86)%\GFI\efax.exe"
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "GFI" /t REG_SZ /d "%ProgramFiles(x86)%\GFI\efax.exe"
- '%WINDIR%\syswow64\svchost.exe'