Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '429650f1334e490be60198155ff8ede7' = '"%PROGRAMDATA%\3eafwqe.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '429650f1334e490be60198155ff8ede7' = '"%PROGRAMDATA%\3eafwqe.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\3eafwqe.exe" "3eafwqe.exe" ENABLE
- 3eafwqe.exe
- %APPDATA%\aw3feq.exe
- %APPDATA%\hibernate4win.exe
- %PROGRAMDATA%\3eafwqe.exe
- 'bo##.kro.kr':3
- DNS ASK bo##.kro.kr
- '%APPDATA%\aw3feq.exe'
- '%APPDATA%\hibernate4win.exe'
- '%PROGRAMDATA%\3eafwqe.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\3eafwqe.exe" "3eafwqe.exe" ENABLE (with hidden window)