Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegAsm' = '%APPDATA%\RegAsm.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\regasm.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\regasm.vbs
- <SYSTEM32>\tasks\regasm
- %APPDATA%\regasm.exe
- '45.##.219.163':6606
- 'google.com':443
- DNS ASK google.com
- '%APPDATA%\regasm.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 60 /tn "RegAsm" /tr "%APPDATA%\RegAsm.exe" (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 60 /tn "RegAsm" /tr "%APPDATA%\RegAsm.exe"