Technical Information
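- Registry autorun values (persistence): both entries start "%TEMP%\chrome.exe" at user logon; the value name is a 32-character hex string, and the target is a browser-named executable in the temp directory.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a6fdc29e952e802a32a88447ae1b15aa' = '"%TEMP%\chrome.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'a6fdc29e952e802a32a88447ae1b15aa' = '"%TEMP%\chrome.exe" ..'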
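- <SYSTEM32>\tasks\sssssssss — task definition file; the name matches the scheduled task created by the schtasks command listed further down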
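- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\chrome.exe" "chrome.exe" ENABLE — adds a Windows Firewall allowed-program exception for %TEMP%\chrome.exe under the rule name "chrome.exe"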
- %HOMEPATH%\music\nn.exe
- %TEMP%\chrome.exe
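- 'mj#####fedz.ddns.net':1177 — remote host and port contacted (dynamic-DNS hostname; the ##### run appears to be masking applied by the report, not part of the name)
- DNS ASK mj#####fedz.ddns.net — DNS lookup of the same hostname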
- '%TEMP%\chrome.exe'
- '%HOMEPATH%\music\nn.exe'
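- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn sssssssss /tr %HOMEPATH%\Music\nn.exe' (with hidden window) — creates scheduled task "sssssssss", which runs nn.exe every minute (second persistence mechanism alongside the Run values)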
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\chrome.exe" "chrome.exe" ENABLE' (with hidden window)
- '%HOMEPATH%\music\nn.exe' ' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn sssssssss /tr %HOMEPATH%\Music\nn.exe
- '<SYSTEM32>\taskeng.exe' {60916E77-A5DE-4C20-B56F-4DC665F18B5D} S-1-5-21-1960123792-2022915161-3775307078-1001:nypmokspec\user:Interactive:[1]