Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ChAt33' = '"%TEMP%\chaat.exe" @..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'ChAt33' = '"%TEMP%\chaat.exe"'
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\chaat.exe" "chaat.exe" ENABLE
- %TEMP%\chaat.exe
- DNS ASK ac#######rvices.passport.net
- DNS ASK Ho####LcH.AtH.Cx
- '%TEMP%\chaat.exe' @MTL:<Current directory>
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\chaat.exe" "chaat.exe" ENABLE (with hidden window)