Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'yBBQmQkETJ' = '%APPDATA%\DzXbPNZpDi\TkHrLGGXmL.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '20454be6a3c87753836a44719cdc8048' = '"%TEMP%\Systemupdate.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20454be6a3c87753836a44719cdc8048' = '"%TEMP%\Systemupdate.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\20454be6a3c87753836a44719cdc8048.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Systemupdate.exe" "Systemupdate.exe" ENABLE (adds a Windows Firewall allowed-program exception for %TEMP%\Systemupdate.exe)
- systemupdate.exe
- %APPDATA%\dzxbpnzpdi\tkhrlggxml.exe
- %TEMP%\systemupdate.exe
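- '19#.#6.168.101':5454 (the '#' characters appear to mask part of the address in the source report; the full address is not given here)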
- '%TEMP%\systemupdate.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Systemupdate.exe" "Systemupdate.exe" ENABLE (with hidden window)