Technical Information
- %WINDIR%\tasks\focuspick.job
- <SYSTEM32>\tasks\focuspick
- [<HKLM>\System\CurrentControlSet\Services\Narcissistic Life] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Narcissistic Life] 'ImagePath' = '%APPDATA%\Narcissistic Life\Narcissistic Life.exe'
- 'Narcissistic Life' %APPDATA%\Narcissistic Life\Narcissistic Life.exe
- %ALLUSERSPROFILE%\{124ca399-8f2e-8b2d-124c-ca3998f28e66}\<File name>.exe
- %ALLUSERSPROFILE%\{124ca399-8f2e-8b2d-124c-ca3998f28e66}\<File name>.dat
- %APPDATA%\narcissistic life\narcissistic life.exe
- %APPDATA%\narcissistic life\fba00.dat
- 'al####el-pro.com':80
- 'ce####-ring.info':80
- http://ce####-ring.info/?q=######################################################################################################################################################################...
- DNS ASK ce####-ring.info
- DNS ASK al####el-pro.com
- '%APPDATA%\narcissistic life\narcissistic life.exe'