Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '27dd319d2ad3f098574b6fef410bd229' = '"%PROGRAMDATA%\3awdfd.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27dd319d2ad3f098574b6fef410bd229' = '"%PROGRAMDATA%\3awdfd.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\3awdfd.exe" "3awdfd.exe" ENABLE
- 3awdfd.exe
- %APPDATA%\vav23.exe
- %APPDATA%\game.exe
- %PROGRAMDATA%\3awdfd.exe
- 'bo##.kro.kr':3
- DNS ASK bo##.kro.kr
- '%APPDATA%\vav23.exe'
- '%APPDATA%\game.exe'
- '%PROGRAMDATA%\3awdfd.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\3awdfd.exe" "3awdfd.exe" ENABLE' (with hidden window)