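Technical Information
The entries below list, in order: autorun values written to the Run registry keys, a netsh command that adds a firewall allowed-program entry for server.exe, file paths under %TEMP%, the remote host and port with the matching DNS query, a window class and name entry, and the command lines that are executed.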
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '20adb7232580aa5b544cdb843006a0ac' = '"%TEMP%\server.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20adb7232580aa5b544cdb843006a0ac' = '"%TEMP%\server.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE
- %TEMP%\fud.bat
- %TEMP%\server.sfx.exe
- %TEMP%\rarsfx0\server.exe
- %TEMP%\server.exe
- 'mo###o.ddns.net':5552
- DNS ASK mo###o.ddns.net
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\server.sfx.exe' -p123 -d%LOCALAPPDATA%\Temp
- '%TEMP%\rarsfx0\server.exe'
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\fud.bat" "