Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'awdmvYkj5quk' = '%TEMP%\aYmGS1lW1n6.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '9895a91e302de15dd8f452d681970a6b' = '"%TEMP%\PointBlank.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9895a91e302de15dd8f452d681970a6b' = '"%TEMP%\PointBlank.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\PointBlank.exe" "PointBlank.exe" ENABLE
- pointblank.exe
- %TEMP%\aymgs1lw1n6.exe
- %TEMP%\pointblank.exe
- 'localhost':5552
- '%TEMP%\pointblank.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\PointBlank.exe" "PointBlank.exe" ENABLE (with hidden window)