Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7659544FBCB103A6A362BB630A747107372B9F0C' = '%LOCALAPPDATA%\Microsoft\Windows\7659544FBCB103A6A362BB630A747107372B9F0C.exe'
- %LOCALAPPDATA%\f17d18211a98ac0d1907cf6f1948ba765c77c5ee.png
- from <Full path to file> to %LOCALAPPDATA%\microsoft\windows\7659544fbcb103a6a362bb630a747107372b9f0c.exe
- 'ip#####.#hatismyipaddress.com':443
- 'di###rdapp.com':443
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK di###rdapp.com