Technical Information
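- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'c5dbc4b5114eccb1261dfdb2194089a8' = '"%APPDATA%\winsec.exe" ..' (Run-key autorun entry, machine-wide: launches winsec.exe at every user logon)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c5dbc4b5114eccb1261dfdb2194089a8' = '"%APPDATA%\winsec.exe" ..' (the same autorun entry under the current user's hive)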
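- %HOMEPATH%\Start Menu\Programs\Startup\c5dbc4b5114eccb1261dfdb2194089a8.exe (executable in the user's Startup folder, a further autorun location; the file name is the same 32-character hex string used as the Run value name)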
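- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\winsec.exe' = '%APPDATA%\winsec.exe:*:Enabled:winsec.exe' (registers winsec.exe as an allowed program in the Windows Firewall standard profile)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\winsec.exe" "winsec.exe" ENABLE (legacy netsh firewall command that adds a firewall exception for the same path; a netsh.exe process allowing a binary under %APPDATA% is a useful signal to alert on in process-creation logs)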
- winsec.exe
- %APPDATA%\winsec.exe
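- '19#.#41.146.179':31922 (remote endpoint given as address:port; the '#' characters appear to replace digits withheld in this listing, so the address is incomplete and only the port and the unmasked octets can be used for matching)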
- '%APPDATA%\winsec.exe'
- '<Full path to file>'