Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a84bec0152cb495d5a0e5887cd6aa3e1' = '"%TEMP%\Update.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'a84bec0152cb495d5a0e5887cd6aa3e1' = '"%TEMP%\Update.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a84bec0152cb495d5a0e5887cd6aa3e1.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Update.exe" "Update.exe" ENABLE
- %TEMP%\update.exe
- 'co####t.gotdns.ch':6969
- DNS ASK co####t.gotdns.ch
- '%TEMP%\update.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Update.exe" "Update.exe" ENABLE (with hidden window)