Technical Information — behavioral indicators (registry autorun, dropped files, network endpoints, process launches). Domain names are partially masked with `######`; paths use unexpanded environment variables (`%ALLUSERSPROFILE%`, `%LOCALAPPDATA%`, `%WINDIR%`).
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'MNOMJ5J7351RLJDE51479' = '%ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\MNOMJ5J7351RLJDE514... (persistence: the Policies\Explorer\Run key autoruns its values at logon and is commonly overlooked compared to the standard Run key; the value data is truncated in this listing but the name matches the dropped executable below; the Wow6432Node view indicates a 32-bit process wrote it)
- %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\mnomj5j7351rljde51479.exe
- %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\mnomj5j7351rljde51479.data
- %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\goopdate.dll (filename and the `google-<GUID>` directory mimic Google Update components; whether this is a legitimate signed DLL or a malicious replacement cannot be determined from this listing — check its signature and hash)
- %LOCALAPPDATA%\178bfbff000406f1
- %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\key
- %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\key
- 'ax######.space-to-rent.com':8080
- 'ax######.space-to-rent.com':12345
- http://ax######.space-to-rent.com:8080/8X/client.dll via ax######.space-to-rent.com (additional component retrieved over plain HTTP on a non-standard port; the URL path and port are useful network-detection indicators alongside the port-12345 connections listed here)
- 'ax######.space-to-rent.com':12345
- DNS ASK ax######.space-to-rent.com
- 'localhost':57126
- 'localhost':56857
- '%ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\mnomj5j7351rljde51479.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\MNOMJ5J7351RLJDE51479.exe' (with hidden window — the dropped executable is relaunched via the 32-bit cmd.exe with its window suppressed; a parent/child chain of cmd.exe → an executable under a `google-<GUID>` ProgramData directory is a reasonable process-tree detection)
- '%WINDIR%\syswow64\cmd.exe' /c start %ALLUSERSPROFILE%\google-a949d30e-e05b-41d5-a093-3fe56235581a\MNOMJ5J7351RLJDE51479.exe