Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '39b9a12503fd42c0c57a8df41304984d' = '"%TEMP%\IDMan.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '39b9a12503fd42c0c57a8df41304984d' = '"%TEMP%\IDMan.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\IDMan.exe" "IDMan.exe" ENABLE
- %TEMP%\fix98.exe
- %TEMP%\fix.exe
- %TEMP%\idman.exe
- 'ga#####l.duckdns.org':9999
- DNS ASK ga#####l.duckdns.org
- '%TEMP%\fix98.exe'
- '%TEMP%\fix.exe'
- '%TEMP%\idman.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\IDMan.exe" "IDMan.exe" ENABLE' (with hidden window)