Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '9cfaba08078c352b32e10053ff0762ca' = '"%TEMP%\kav.exe" ..' (autorun value, current user)
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9cfaba08078c352b32e10053ff0762ca' = '"%TEMP%\kav.exe" ..' (autorun value, all users, 32-bit registry view)
- %APPDATA%\microsoft\windows\start menu\programs\startup\9cfaba08078c352b32e10053ff0762ca.exe (Startup folder, current user)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\kav.exe" "kav.exe" ENABLE (adds a Windows Firewall allowed-program exception for kav.exe)
- %TEMP%\189.exe
- %TEMP%\kav.exe
- 'na#####yle2.zapto.org':1177
- DNS ASK na#####yle2.zapto.org
- '%TEMP%\189.exe'
- '%TEMP%\kav.exe'
- '%TEMP%\189.exe' (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\kav.exe" "kav.exe" ENABLE (with hidden window)