Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Updater' = 'C:\Users\belin\AppData\Roaming\Quota.exe\Quota.exe'
- C:\users\belin\appdata\roaming\quota.exe\quota.exe
- C:\users\belin\appdata\roaming\quota.exe\quota.exe
- 'my####rnalip.com':443
- 'ap#.#pstack.com':80
- '<LOCALNET>.8.102':2303
- http://ap#.#pstack.com/82.112.184.232?ac#############################################################
- 'my####rnalip.com':443
- DNS ASK my####rnalip.com
- DNS ASK ap#.#pstack.com
- 'C:\users\belin\appdata\roaming\quota.exe\quota.exe'
- 'C:\users\belin\appdata\roaming\quota.exe\quota.exe' ' (with hidden window)