Technical Information
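- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '<File name>' = '<Full path to file>' (policy-based Run autostart key in the 32-bit registry view; the value name and path are placeholders in this report, so match on the key rather than on a specific value)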
- %LOCALAPPDATA%\178bfbff000406f1
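- <PATH_SAMPLE>.data (<PATH_SAMPLE> appears to be a placeholder for the analysed sample's own path, not a literal directory name)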
- %TEMP%\swtn8waim06f3ub2\010fth6f29ymq.exe
- %TEMP%\swtn8waim06f3ub2\l4b4z1rvj07m4de063yc3.exe
- %TEMP%\swtn8waim06f3ub2\l4b4z1rvj07m4de063yc3.data
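- '10#.#05.6.24':80 (host:port; the '#' characters appear to be masking applied in the report, so this address and the other masked addresses in this list are incomplete and cannot be matched verbatim)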
- '18#.#7.195.158':9999
- http://10#.#05.6.24/uploads/dier/1.dll
- '18#.#7.195.158':9999
- '%TEMP%\swtn8waim06f3ub2\010fth6f29ymq.exe'
- '%TEMP%\swtn8waim06f3ub2\l4b4z1rvj07m4de063yc3.exe'