Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '765bcb2a9d8a6a686559411d153437c4' = '%TEMP%\Microsoft\MyClient\lol.exe'
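- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '765bcb2a9d8a6a686559411d153437c4' = '<Full path to file>' (values under this per-user Run key are launched at each logon of that user; '<Full path to file>' is a placeholder, not a literal path)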
- lol.exe
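- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\61630912f94f22876d7e36ff0a926b5b_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee (a file in the per-user CryptoAPI RSA key store; the SID directory and file name belong to the account and machine where this was observed and will differ on other hosts, so match on the directory pattern rather than the literal path)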
- %TEMP%\microsoft\myclient\lol.exe
- %TEMP%\microsoft\myclient\lol.exe
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\61630912f94f22876d7e36ff0a926b5b_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- 'localhost':80
- '%TEMP%\microsoft\myclient\lol.exe'