Technical Information
- '%TEMP%\57yhyh.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\57yhyh.ExE" "57yhyh.ExE" ENABLE
- %TEMP%\57yhyh.exe
- 'am##.myftp.biz':1177
- DNS ASK am##.myftp.biz
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\57yhyh.ExE" "57yhyh.ExE" ENABLE' (with hidden window)