Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\file_2018-03-21_080622.exe'
- '' (downloaded from the Internet)
- %APPDATA%\file_2018-03-21_080622.exe
- '4.####ram-iq.com':80
- http://4.####ram-iq.com/uploads/otroyomismo/file_2018-03-21_080622.exe
- DNS ASK 4.####ram-iq.com
- '%APPDATA%\file_2018-03-21_080622.exe'