Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\file_2018-03-04_031425.exe'
- '' (downloaded from the Internet)
- %APPDATA%\file_2018-03-04_031425.exe
- '4.####ram-iq.com':80
- http://4.####ram-iq.com/uploads/file_2018-07-17_163832.exe
- DNS ASK 4.####ram-iq.com
- '%APPDATA%\file_2018-03-04_031425.exe'