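Technical Information
(The section headings of this report did not survive extraction. The entries below appear to fall into four groups: file-system paths, network endpoints with their DNS queries, window-class lookups, and launched command lines. The repeated pair of rarsfx0 paths presumably sat under a separate file-operation heading that is no longer visible. The '#' characters in host names appear to be masking applied by the report's publisher, not part of the names.)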
- %TEMP%\rarsfx0\compile.bat
- %TEMP%\rarsfx0\exploitdecompiled.exe
- %TEMP%\rarsfx1\compressed payload.exe
- %TEMP%\ixp000.tmp\abcd.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %TEMP%\rarsfx0\compile.bat
- %TEMP%\rarsfx0\exploitdecompiled.exe
- 'Ha########123-64129.portmap.host':64129
- 'st##ify.co':443
- DNS ASK st##ify.co
- DNS ASK Ha########123-64129.portmap.host
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
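- '%TEMP%\rarsfx0\exploitdecompiled.exe' -p123 -d%LOCALAPPDATA%\Temp (presumably WinRAR self-extractor switches: -p sets the archive password, -d the extraction directory)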
- '%TEMP%\rarsfx1\compressed payload.exe'
- '%TEMP%\ixp000.tmp\abcd.exe'
- '%TEMP%\ixp000.tmp\abcd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\Compile.bat" "