Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '895201aeb214cc38175280c036e0fe12' = '"%APPDATA%\Rundll32.scr" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '895201aeb214cc38175280c036e0fe12' = '"%APPDATA%\Rundll32.scr" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\895201aeb214cc38175280c036e0fe12.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Rundll32.scr' = '%APPDATA%\Rundll32.scr:*:Enabled:Rundll32.s...
- '%APPDATA%\Rundll32.scr' /S
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Rundll32.scr" "Rundll32.scr" ENABLE
- %APPDATA%\Rundll32.scr
- 'mo##.hopto.org':50000
- DNS ASK mo##.hopto.org