Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '30fa035dbe87c6e209452c1147d1cdb9' = '"%TEMP%\setup.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30fa035dbe87c6e209452c1147d1cdb9' = '"%TEMP%\setup.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\setup.exe" "setup.exe" ENABLE
- setup.exe
- %TEMP%\setup.exe
- DNS ASK oz####.no-ip.biz
- '%TEMP%\setup.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\setup.exe" "setup.exe" ENABLE' (with hidden window)