Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ae3388028276a45ef917f2795bbae765' = '"%APPDATA%\TrustedInstaller.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ae3388028276a45ef917f2795bbae765' = '"%APPDATA%\TrustedInstaller.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\TrustedInstaller.exe' = '%APPDATA%\TrustedInstaller.exe:*:En...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\TrustedInstaller.exe" "TrustedInstaller.exe" ENABLE
- '%APPDATA%\TrustedInstaller.exe'
- %APPDATA%\TrustedInstaller.exe
- '1i#####s.3utilities.com':5159
- DNS ASK 1i#####s.3utilities.com