Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\ef606a68a33ee6fb113ef3f9bb714d73.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\cAhAm.exe' = '%TEMP%\cAhAm.exe:*:Enabled:cAhAm.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\cAhAm.exe" "cAhAm.exe" ENABLE
- %TEMP%\cAhAm.exe
- 'ms####g.myq-see.com':5552
- DNS ASK ms####g.myq-see.com
- '%TEMP%\cAhAm.exe'