Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\319f4c7c279e67a80aec23943166a96c.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\system.com' = '%APPDATA%\system.com:*:Enabled:system.com'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\system.com" "system.com" ENABLE
- '%APPDATA%\system.com'
- %APPDATA%\system.com
- 'te####11.myftp.biz':1999
- DNS ASK te####11.myftp.biz