Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{2CA650B1-8552-5371-636E-3D458D74607E}' = '"%APPDATA%\{B0B67881-AD62-CF61-636E-3D458D74607E}\1D09A81E.exe"'
- %TEMP%\8D6932391.tmp
- %APPDATA%\state.tmp
- %ALLUSERSPROFILE%\Application Data\salt.dat
- %APPDATA%\{B0B67881-AD62-CF61-636E-3D458D74607E}\1D09A81E.exe
- <Full path to file>
- '15#.#5.175.225':443
- '52.##.214.72':443
- 'ip##fo.io':443
- 'localhost':1037
- '13#.#88.40.189':443
- DNS ASK ip##fo.io
- '<SYSTEM32>\svchost.exe'