Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '927023f818e6ce8ef3ccb347194b0a7e' = '"%TEMP%\taskmgr.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '927023f818e6ce8ef3ccb347194b0a7e' = '"%TEMP%\taskmgr.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\927023f818e6ce8ef3ccb347194b0a7e.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\taskmgr.exe" "taskmgr.exe" ENABLE
- %TEMP%\taskmgr.exe
- 'dr#####x95.myq-see.com':1177
- DNS ASK dr#####x95.myq-see.com
- '%TEMP%\taskmgr.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\taskmgr.exe" "taskmgr.exe" ENABLE (with hidden window)