Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '9417a49a43150d5a807462bf5b801d9d' = '"%HOMEPATH%\Many.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '9417a49a43150d5a807462bf5b801d9d' = '"%HOMEPATH%\Many.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\9417a49a43150d5a807462bf5b801d9d.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\Many.exe" "Many.exe" ENABLE
- %HOMEPATH%\many.exe
- %HOMEPATH%\many.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\9417a49a43150d5a807462bf5b801d9d.exe
- '<LOCALNET>.234.154':4444
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- '%HOMEPATH%\many.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\Many.exe" "Many.exe" ENABLE (with hidden window)