Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c45ad5711708969277d2f15ca60d2cea' = '"%TEMP%\system32.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'c45ad5711708969277d2f15ca60d2cea' = '"%TEMP%\system32.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\system32.exe" "system32.exe" ENABLE
- system32.exe
- %TEMP%\system32.exe
- DNS ASK mh####9.ddns.net
- '%TEMP%\system32.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\system32.exe" "system32.exe" ENABLE (with hidden window)