Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4e413ab159cd670d5e6686d4fb35a9f9' = '"%TEMP%\kmnbvcx.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4e413ab159cd670d5e6686d4fb35a9f9' = '"%TEMP%\kmnbvcx.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\kmnbvcx.exe' = '%TEMP%\kmnbvcx.exe:*:Enabled:kmnbvcx.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\kmnbvcx.exe" "kmnbvcx.exe" ENABLE
- %TEMP%\kmnbvcx.exe
- '12####j.ddns.net':1987
- DNS ASK 12####j.ddns.net
- '%TEMP%\kmnbvcx.exe'