Technical Information
Autorun persistence (registry Run values and the Startup folder):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a58ec965dc55726b8207aa7f68296509' = '"%LOCALAPPDATA%\Tempfidd.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'a58ec965dc55726b8207aa7f68296509' = '"%LOCALAPPDATA%\Tempfidd.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a58ec965dc55726b8207aa7f68296509.exe
Windows Firewall allowed-program entry added via netsh:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%LOCALAPPDATA%\Tempfidd.exe" "Tempfidd.exe" ENABLE
- %LOCALAPPDATA%\tempfidd.exe
- %LOCALAPPDATA%\tempfiddlersetup.exe
- %TEMP%\nsf7746.tmp\fiddlersetup.exe
- %TEMP%\nsy7fe1.tmp
- %LOCALAPPDATA%\tempfidd.exe
Network endpoint (address appears partially masked in the report):
- '49.##2.52.233':1668
- '%LOCALAPPDATA%\tempfidd.exe'
- '%LOCALAPPDATA%\tempfiddlersetup.exe'
- '%TEMP%\nsf7746.tmp\fiddlersetup.exe' /D=
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%LOCALAPPDATA%\Tempfidd.exe" "Tempfidd.exe" ENABLE (with hidden window)