Technical Information
Autorun persistence (two Run registry values and a Startup-folder file; the Run value name and the Startup file name are the same 32-character hex string):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1c596ec008f9ff40ed88d3eda9be8c22' = '"%TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1c596ec008f9ff40ed88d3eda9be8c22' = '"%TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\1c596ec008f9ff40ed88d3eda9be8c22.exe
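Windows Firewall exception (the registry entry and the netsh command both name the same %TEMP% executable as an allowed program; the registry value is truncated in this listing):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe' = '%TEMP%\66wr94tr9434t...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe" "66wr94tr9434t9u554j054i54j60564i56.exe" ENABLE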
- '%TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe'
- %TEMP%\66wr94tr9434t9u554j054i54j60564i56.exe
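- Network endpoint: 'localhost':999 (this listing does not state whether the sample connects to this port or listens on it)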