Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4c1e56ee7374309d8fa12b913734d668' = '"%TEMP%\Microsoft .exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4c1e56ee7374309d8fa12b913734d668' = '"%TEMP%\Microsoft .exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Microsoft .exe" "Microsoft .exe" ENABLE
- <Current directory>\.exe
- %TEMP%\microsoft .exe
- <Current directory>\.exe
- 'ea#####htane.ddns.net':3973
- DNS ASK ea#####htane.ddns.net
- '<Current directory>\.exe'
- '%TEMP%\microsoft .exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Microsoft .exe" "Microsoft .exe" ENABLE (with hidden window)