Technical Information
- Registry autorun entry (runs at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'an_1_K_S_u_w_M_g_' = '%TEMP%\a5_R_2_b_V_.exe'
- Windows Firewall allowed-application entry (StandardProfile): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Vanessa.exe' = '%APPDATA%\Vanessa.exe:*:Enabled:Vanessa.exe'
- Command line that adds the program to the Windows Firewall allowed list: '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Vanessa.exe" "Vanessa.exe" ENABLE
- Vanessa.exe
- %TEMP%\a5_R_2_b_V_.exe
- %APPDATA%\Vanessa.exe
- %TEMP%\a5_R_2_b_V_.exe
- %TEMP%\a5_R_2_b_V_.exe
- Network endpoint (host:port): 'ma####5522.ddns.net':5552
- DNS query: ma####5522.ddns.net
- '<Full path to file>'
- '%APPDATA%\Vanessa.exe'