Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c0720468cc71a795d8edaba11c5e7595' = '"%TEMP%\Trojan.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'c0720468cc71a795d8edaba11c5e7595' = '"%TEMP%\Trojan.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\c0720468cc71a795d8edaba11c5e7595.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Trojan.exe" "Trojan.exe" ENABLE
- %TEMP%\trojan.exe
- 'ga#####ra.duckdns.org':1177
- DNS ASK ga#####ra.duckdns.org
- '%TEMP%\trojan.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Trojan.exe" "Trojan.exe" ENABLE (with hidden window)