Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] '8106ab9ead2560c32305d819456c5fab' = '"%TEMP%\vdsgazzzz1104525gd.exe" ..'
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] '8106ab9ead2560c32305d819456c5fab' = '"%TEMP%\vdsgazzzz1104525gd.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\8106ab9ead2560c32305d819456c5fab.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\vdsgazzzz1104525gd.exe" "vdsgazzzz1104525gd.exe" ENABLE
- %TEMP%\vdsgazzzz1104525gd.exe
- <Full path to file>
- %TEMP%\vdsgazzzz1104525gd.exe
- 'pa###bin.com':443
- 'ki#####.freeddns.org':1188
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- DNS ASK ki#####.freeddns.org
- '%TEMP%\vdsgazzzz1104525gd.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\vdsgazzzz1104525gd.exe" "vdsgazzzz1104525gd.exe" ENABLE (with hidden window)