Technical Information
- <SYSTEM32>\tasks\chromea
- %TEMP%\chromea.exe
- %TEMP%\chromea.exe
- 'wi####.duckdns.org':7000
- DNS ASK wi####.duckdns.org
- '%TEMP%\chromea.exe'
- '%TEMP%\chromea.exe' ' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {52279E0A-F080-47DF-A23C-3219AFFEFBA2} S-1-5-21-1960123792-2022915161-3775307078-1001:hualhvl\user:Interactive:[1]