Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '98a00fe1c7813f0a3bbe6b5f1b406c76' = '"<LS_APPDATA>KZOWlafvui.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '98a00fe1c7813f0a3bbe6b5f1b406c76' = '"<LS_APPDATA>KZOWlafvui.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<LS_APPDATA>KZOWlafvui.exe' = '<LS_APPDATA>KZOWlafvui.exe:*:Enabled:Ap...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<LS_APPDATA>KZOWlafvui.exe" "Application DataKZOWlafvui.exe" ENABLE
- <LS_APPDATA>KZOWlafvui.exe
- <LS_APPDATA>PAG_rJapsm..exe
- 'an#####ra122.myftp.biz':1177
- DNS ASK an#####ra122.myftp.biz
- '<LS_APPDATA>KZOWlafvui.exe'
- '<LS_APPDATA>PAG_rJapsm..exe'