Technical Information — persistence artifacts (autorun key, Startup-folder shortcut, scheduled tasks), dropped files, network indicators (partially masked) and the command lines observed for this sample.
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'MaxLoonaFest1' = '%LOCALAPPDATA%\MaxLoonaFest1\MaxLoonaFest1.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\fanbooster1.lnk
- <SYSTEM32>\tasks\officetrackernmp1 hr
- <SYSTEM32>\tasks\officetrackernmp1 lg
- %LOCALAPPDATA%\maxloonafest1\maxloonafest1.exe
- %TEMP%\fanbooster1\fanbooster1.exe
- %ALLUSERSPROFILE%\officetrackernmp1\officetrackernmp1.exe
- %TEMP%\rise1m9asphalt.tmp
- '19#.#69.175.128':50500
- 'ip##fo.io':443
- 'db##p.com':443
- 'ma##ind.com':80
- http://www.ma##ind.com/geoip/v2.1/city/me
- '19#.#69.175.128':50500
- 'ip##fo.io':443
- 'db##p.com':443
- DNS ASK ip##fo.io
- DNS ASK db##p.com
- DNS ASK ma##ind.com
- '<SYSTEM32>\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\OfficeTrackerNMP1\OfficeTrackerNMP1.exe" /tn "OfficeTrackerNMP1 HR" /sc HOURLY /rl HIGHEST
- '<SYSTEM32>\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\OfficeTrackerNMP1\OfficeTrackerNMP1.exe" /tn "OfficeTrackerNMP1 LG" /sc ONLOGON /rl HIGHEST
  (Both tasks are created with `/f`, which overwrites any existing task of the same name, run as the account given in `/RU`, and request `/rl HIGHEST`, the highest privilege level available to that account; the "HR" task repeats hourly and the "LG" task fires at every logon. They correspond to the two task files under <SYSTEM32>\tasks listed above.)