Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a3db000cba87569c11627410464f6d71' = '"%TEMP%\43tr3t.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'a3db000cba87569c11627410464f6d71' = '"%TEMP%\43tr3t.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a3db000cba87569c11627410464f6d71.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\43tr3t.exe" "43tr3t.exe" ENABLE
- 43tr3t.exe
- %APPDATA%\2ef2e.exe
- <Current directory>\blackstar_uproject.exe
- %TEMP%\43tr3t.exe
- 'ta###815.kro.kr':6
- DNS ASK ta###815.kro.kr
- '%APPDATA%\2ef2e.exe'
- '<Current directory>\blackstar_uproject.exe'
- '%TEMP%\43tr3t.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\43tr3t.exe" "43tr3t.exe" ENABLE (with hidden window)