Technical Information
- Autorun entry (per-user Run key, so the file is started at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'an_1_K_S_u_w_M_g_' = '%TEMP%\a5_R_2_b_V_.exe'
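- Windows Firewall authorized-application entry (StandardProfile; the value marks the program as Enabled with scope '*'): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Vanessa.exe' = '%APPDATA%\Vanessa.exe:*:Enabled:Vanessa.exe'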
- Firewall exception for the same program added from the command line: '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Vanessa.exe" "Vanessa.exe" ENABLE
- Vanessa.exe
- %TEMP%\000.exe
- %TEMP%\2018-07-06_233451.png
- %TEMP%\a5_R_2_b_V_.exe
- %APPDATA%\Vanessa.exe
- %TEMP%\a5_R_2_b_V_.exe
- %TEMP%\a5_R_2_b_V_.exe
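- Network endpoint (host:port; the '#' characters appear to mask part of the host name in this report, so the string is not usable as a literal indicator): 'ma####5522.ddns.net':5552
- DNS query: ma####5522.ddns.net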
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%TEMP%\000.exe'
- '%APPDATA%\Vanessa.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\2018-07-06_233451.png (opens the PNG listed above in the Windows image viewer)