Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8D1A291D08112107505A637A2D5AA8A9A9382FCC' = '%LOCALAPPDATA%\Microsoft\Windows\8D1A291D08112107505A637A2D5AA8A9A9382FCC.exe'
- from <Full path to file> to %LOCALAPPDATA%\microsoft\windows\8d1a291d08112107505a637a2d5aa8a9a9382fcc.exe
- 'ip#####.#hatismyipaddress.com':443
- 'di###rdapp.com':443
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK di###rdapp.com