Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\CfgClt] 'ImagePath' = '<SYSTEM32>\CfgClt.exe StartService'
- [<HKLM>\SYSTEM\ControlSet001\Services\CfgClt] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\CfgClt.exe' = '<SYSTEM32>\CfgClt.exe:*:Enabled:CfgClt'
- '<SYSTEM32>\netsh.exe' firewall add portopening UDP 5151 CfgClt
- '<SYSTEM32>\cmd.exe' /c netsh firewall add portopening UDP 5151 CfgClt
- '<SYSTEM32>\CfgClt.exe' StartService
- <SYSTEM32>\CfgClt.exe.tmp
- %WINDIR%\bootstat.dat
- from <SYSTEM32>\CfgClt.exe.tmp to <SYSTEM32>\CfgClt.exe