Technical Information
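- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Base64Kernel' = '%ProgramFiles%\speccy\Base64.exe' (autorun entry as reported; note that the file listed below in this folder is named base65.exe, not Base64.exe, so match on both the registry value and the file path)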
- %TEMP%\ixp000.tmp\chat.exe
- %TEMP%\ixp000.tmp\base64.exe
- %WINDIR%\kernelbase64.txt
- %ProgramFiles%\speccy\base65.exe
- '31.##4.130.207':80
- http://ha####.##bergementoffshore.com/INFO.txt
- '%TEMP%\ixp000.tmp\base64.exe'
- '%ProgramFiles%\speccy\base65.exe'
- '%TEMP%\ixp000.tmp\chat.exe'
- '%TEMP%\ixp000.tmp\base64.exe' (with hidden window)
- '%TEMP%\ixp000.tmp\chat.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c mkdir %ProgramFiles%\speccy\
- '%WINDIR%\syswow64\cmd.exe' /c mkdir "%ProgramFiles%\speccy"