Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7be78e7d5d82fd7d1a468effbcfb73b3' = '"%APPDATA%\windz.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7be78e7d5d82fd7d1a468effbcfb73b3' = '"%APPDATA%\windz.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\windz.exe" "windz.exe" ENABLE
- %APPDATA%\windz.exe
- 'sa####non.ddns.net':1604
- DNS ASK sa####non.ddns.net
- '%APPDATA%\windz.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\windz.exe" "windz.exe" ENABLE (with hidden window)