Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '47VMQUB366R9Q1' = '%ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47VMQUB366R9Q1.exe'
- %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47vmqub366r9q1.exe
- %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47vmqub366r9q1.data
- %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\goopdate.dll
- %LOCALAPPDATA%\178bfbff000306f2
- %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\key
- %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\key
- 'ax######.space-to-rent.com':8080
- 'ax######.space-to-rent.com':12345
- http://ax######.space-to-rent.com:8080/8X/client.dll via ax######.space-to-rent.com
- 'ax######.space-to-rent.com':12345
- DNS ASK ax######.space-to-rent.com
- '%ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47vmqub366r9q1.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47VMQUB366R9Q1.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start %ALLUSERSPROFILE%\google-06bb98e6-f4a0-4079-8881-eade52fc15ff\47VMQUB366R9Q1.exe