Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a9392a4e800a4a05e29eac9a6535af5c' = '"%APPDATA%\DUNE.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'a9392a4e800a4a05e29eac9a6535af5c' = '"%APPDATA%\DUNE.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a9392a4e800a4a05e29eac9a6535af5c.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\DUNE.exe" "DUNE.exe" ENABLE
- %APPDATA%\dune.exe
- DNS ASK nj####o.ddns.net
- '%APPDATA%\dune.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\DUNE.exe" "DUNE.exe" ENABLE' (with hidden window)