Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'aa11d35114c104894251ab657d071e41' = '"%APPDATA%\hkcmd.exe" ..'
- [<HKLM>\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'aa11d35114c104894251ab657d071e41' = '"%APPDATA%\hkcmd.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\aa11d35114c104894251ab657d071e41.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\hkcmd.exe" "hkcmd.exe" ENABLE
- %APPDATA%\hkcmd.exe
- 'se####5319.us.to':5552
- DNS ASK se####5319.us.to
- DNS ASK in#####ates.sytes.net
- DNS ASK se####3919.mooo.com
- '%APPDATA%\hkcmd.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\hkcmd.exe" "hkcmd.exe" ENABLE (with hidden window)