Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '667376' = '%LOCALAPPDATA%\667376.dat'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '667376' = '%LOCALAPPDATA%\667376.dat'
- %APPDATA%\microsoft\windows\start menu\programs\startup\667376.dat
- %APPDATA%\microsoft\windows\templates\667376.dat
- %LOCALAPPDATA%\667376.dat
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\667376.dat
- D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\desktop.ini.id[fbbfde6f-2987].[crioso@protonmail.com].eking
- D:\install.log.id[fbbfde6f-2987].[crioso@protonmail.com].eking
- http://su#####vacations.com/logs/winrar.exe
- DNS ASK su#####vacations.com
- '<SYSTEM32>\cmd.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe'