Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\4697ce9a37ebdd3140c23f89f49156ed.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\AbdowDz.eXe' = '%TEMP%\AbdowDz.eXe:*:Enabled:AbdowDz.eXe'
- '%TEMP%\AbdowDz.eXe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\AbdowDz.eXe" "AbdowDz.eXe" ENABLE
- %TEMP%\AbdowDz.eXe
- 'ab####dz.no-ip.biz':1177
- DNS ASK ab####dz.no-ip.biz