Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '84be24a6a73dad5af75244d56a9fb395' = '"%HOMEPATH%\ Explorer.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '84be24a6a73dad5af75244d56a9fb395' = '"%HOMEPATH%\ Explorer.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\84be24a6a73dad5af75244d56a9fb395.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\ Explorer.exe" " Explorer.exe" ENABLE
- %HOMEPATH%\ explorer.exe
- '<LOCALNET>.8.106':666
- DNS ASK zo####6.ddns.net
- '%HOMEPATH%\ explorer.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\ Explorer.exe" " Explorer.exe" ENABLE' (with hidden window)