Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AutoUpdate' = '%APPDATA%\log\AutoUpdate.exe'
- Hides taskbar notifications
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- %APPDATA%\log\AutoUpdate.exe
- %APPDATA%\log\pass.exe
- %APPDATA%\log\Passwords.txt
- %TEMP%\aut1.tmp
- %TEMP%\mmpwoel
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\mmpwoel
- %TEMP%\aut1.tmp
- '73####74696e656c.ru':80
- http://73####74696e656c.ru/zugu.file
- DNS ASK 73####74696e656c.ru
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\log\pass.exe all
- '<SYSTEM32>\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE