Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '01d0f4a8b704ae634292a97e2c264f41' = '"%APPDATA%\hdans.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '01d0f4a8b704ae634292a97e2c264f41' = '"%APPDATA%\hdans.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\01d0f4a8b704ae634292a97e2c264f41.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\hdans.exe" "hdans.exe" ENABLE
- %APPDATA%\hdans.exe
- 'mi###.publicvm.com':1177
- DNS ASK mi###.publicvm.com
- '%APPDATA%\hdans.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\hdans.exe" "hdans.exe" ENABLE (with hidden window)