Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '98fd8a34660c1bd7124f93f577910834' = '"%APPDATA%\Atemp.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '98fd8a34660c1bd7124f93f577910834' = '"%APPDATA%\Atemp.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Atemp.exe" "Atemp.exe" ENABLE
- %APPDATA%\atemp.exe
- 'xl####988.ddns.net':5214
- DNS ASK xl####988.ddns.net
- '%APPDATA%\atemp.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Atemp.exe" "Atemp.exe" ENABLE' (with hidden window)