Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '5c7199fce30ed0ab3fe95504baabd359' = '"%TEMP%\soro.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5c7199fce30ed0ab3fe95504baabd359' = '"%TEMP%\soro.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\5c7199fce30ed0ab3fe95504baabd359.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\soro.exe" "soro.exe" ENABLE
- %TEMP%\aut3e09.tmp
- %TEMP%\exhjuyl
- %TEMP%\5610\5610.exe
- %TEMP%\auta840.tmp
- %TEMP%\mrxyyrm
- %TEMP%\5782\5782.exe
- %TEMP%\aute011.tmp
- %TEMP%\zryrzpm
- %TEMP%\2403\2403.exe
- %TEMP%\autf768.tmp
- %TEMP%\aeadzqi
- %TEMP%\1099\1099.exe
- %TEMP%\soro.exe
- %TEMP%\aut3e09.tmp
- %TEMP%\exhjuyl
- %TEMP%\5610\5610.exe
- %TEMP%\auta840.tmp
- %TEMP%\mrxyyrm
- %TEMP%\5782\5782.exe
- %TEMP%\aute011.tmp
- %TEMP%\zryrzpm
- %TEMP%\2403\2403.exe
- %TEMP%\autf768.tmp
- %TEMP%\aeadzqi
- %TEMP%\1099\1099.exe
- '10.#0.10.10':5552
- '%TEMP%\soro.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\soro.exe" "soro.exe" ENABLE (with hidden window)