Technical Information
- <SYSTEM32>\tasks\bot
- <SYSTEM32>\svchost.exe
- %APPDATA%\<File name>.exe
- <SYSTEM32>\config\systemprofile\appdata\roaming\<File name>.exe
- <SYSTEM32>\config\systemprofile\appdata\roaming\client_id
- <SYSTEM32>\config\systemprofile\appdata\roaming\group_tag
- %APPDATA%\<File name>.exe
- '36.#7.176.6':443
- http://my####rnalip.com/raw
- DNS query: my####rnalip.com
- '%APPDATA%\<File name>.exe' "<Full path to file>"
- '%APPDATA%\<File name>.exe'
- '<SYSTEM32>\config\systemprofile\appdata\roaming\<File name>.exe' "%APPDATA%\<File name>.exe"
- '<SYSTEM32>\config\systemprofile\appdata\roaming\<File name>.exe'
- '%APPDATA%\<File name>.exe' (with hidden window)
- '<SYSTEM32>\svchost.exe' (with hidden window)
- '<SYSTEM32>\config\systemprofile\appdata\roaming\<File name>.exe' (with hidden window)
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\svchost.exe' "<Full path to file>"
- '<SYSTEM32>\svchost.exe' "%APPDATA%\<File name>.exe"