Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '34f43d3d45b1dd2b0432ebdffd64aea4' = '"%APPDATA%\fifi.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '34f43d3d45b1dd2b0432ebdffd64aea4' = '"%APPDATA%\fifi.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\fifi.exe" "fifi.exe" ENABLE
- %APPDATA%\fifi.exe
- 'localhost':443
- '%APPDATA%\fifi.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\fifi.exe" "fifi.exe" ENABLE' (with hidden window)