Technical Information
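- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\fw33w1c\f21gf13gf.exe' (autorun persistence: the per-user 'Load' value starts the listed program at logon; the same value is written by the reg.exe command listed further down)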
- %APPDATA%\fw33w1c\f21gf13gf.exe
- %APPDATA%\g1tgfg.exe
- %APPDATA%\fw33w1c\f21gf13gf.exe.bat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\g1tgfg.exe
- '21#.#8.7.242':1620 (network endpoint, address and port; the address is partially masked with '#' in the source)
- '%APPDATA%\fw33w1c\f21gf13gf.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\fw33w1c\f21gf13gf.exe.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%APPDATA%\fw33w1c\f21gf13gf.exe" /f
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\fw33w1c\f21gf13gf.exe.bat
- '%WINDIR%\syswow64\timeout.exe' /t 60
- '%WINDIR%\syswow64\tasklist.exe' /nh /fi "imagename eq g1tgfg.exe"
- '%WINDIR%\syswow64\find.exe' /i "g1tgfg.exe"