Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1de9cde9f2d304901dd3fe2456290803' = '"%APPDATA%\service.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '1de9cde9f2d304901dd3fe2456290803' = '"%APPDATA%\service.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\service.exe" "service.exe" ENABLE
- %APPDATA%\service.exe
- 'sg###gcc.p-e.kr':447
- DNS ASK sg###gcc.p-e.kr
- '%APPDATA%\service.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\service.exe" "service.exe" ENABLE' (with hidden window)