Technical Information
- Autorun (Run key) registry value, which starts the executable at logon: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CoresStart' = '%HOMEPATH%\coresstart.exe'
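- Windows Firewall authorized-applications registry value, which permits the executable's network traffic: [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\coresstart.exe' = '%HOMEPATH%\coresstart.exe:*:Enabled:ENABLE'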
- %HOMEPATH%\coresstart.exe
- Command executed to add a Windows Firewall exception for the executable: <SYSTEM32>\netsh.exe firewall set allowedprogram "%HOMEPATH%\coresstart.exe" ENABLE
- Command executed to run a batch file from the temporary directory: <SYSTEM32>\cmd.exe /c """%TEMP%\62.bat"" "
- %HOMEPATH%\coresstart.exe
- %TEMP%\62.bat
- %HOMEPATH%\coresstart.exe
- %HOMEPATH%\coresstart.exe
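- '64.##1.12.53':443 (network endpoint, given as host:port; the '#' characters appear to be digits masked in the report, so the address cannot be used as an exact indicator)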
- 'localhost':1041
- 'localhost':1040
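- '23#.#55.255.250':1900 (address partly masked with '#'; port 1900 is the port conventionally used for SSDP/UPnP discovery, so this may be ordinary system traffic rather than a malware-specific endpoint)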