Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ffeb9b6a266d357659025ba3a46a15ce' = '"%APPDATA%\Reader_Sl.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'ffeb9b6a266d357659025ba3a46a15ce' = '"%APPDATA%\Reader_Sl.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\ffeb9b6a266d357659025ba3a46a15ce.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Reader_Sl.exe" "Reader_Sl.exe" ENABLE
- %LOCALAPPDATA%\tempserver.exe
- %APPDATA%\reader_sl.exe
- 'xx###.no-ip.biz':54652
- DNS ASK xx###.no-ip.biz
- '%LOCALAPPDATA%\tempserver.exe'
- '%APPDATA%\reader_sl.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Reader_Sl.exe" "Reader_Sl.exe" ENABLE (with hidden window)