Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{BD6CD86B-CE0C-9472-73B2-D25E09B94C35}' = '"%APPDATA%\{217CF05B-E63C-0862-73B2-D25E09B94C35}\8CC320C4.exe"'
- '<SYSTEM32>\svchost.exe'
- %TEMP%\1CA3BAE31.tmp
- %APPDATA%\state.tmp
- %ALLUSERSPROFILE%\Application Data\salt.dat
- %APPDATA%\{217CF05B-E63C-0862-73B2-D25E09B94C35}\8CC320C4.exe
- <Full path to file>
- '52.##.214.72':443
- '19#.#54.238.52':443
- 'ip##fo.io':443
- 'localhost':1036
- '13#.#88.40.189':443
- DNS ASK ip##fo.io
- ClassName: 'menu' WindowName: ''
- ClassName: 'MSPaintApp' WindowName: ''