Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '2ff382bdaa041225fed31ba91b58e5ec' = '"%APPDATA%\officeup.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '2ff382bdaa041225fed31ba91b58e5ec' = '"%APPDATA%\officeup.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\2ff382bdaa041225fed31ba91b58e5ec.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\officeup.exe" "officeup.exe" ENABLE
- %TEMP%\847a46e7-de03-4e98-aac1-565f53260ccd\agiledotnetrt64.dll
- %APPDATA%\officeup.exe
- %APPDATA%\officeup.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\2ff382bdaa041225fed31ba91b58e5ec.exe
- DNS ASK os####x.myq-see.com
- DNS ASK fu#####l.duckdns.org
- '%APPDATA%\officeup.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\officeup.exe" "officeup.exe" ENABLE' (with hidden window)