Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e694b87b9bb6c5f9c463aae68105304c' = '"%APPDATA%\host.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'e694b87b9bb6c5f9c463aae68105304c' = '"%APPDATA%\host.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\e694b87b9bb6c5f9c463aae68105304c.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\host.exe" "host.exe" ENABLE
- %APPDATA%\host.exe
- 'dr###.ddns.net':5552
- DNS ASK dr###.ddns.net
- '%APPDATA%\host.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\host.exe" "host.exe" ENABLE (with hidden window)