Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run\] 'Rmc-NT0JNG' = '"%ALLUSERSPROFILE%\Remcos\remcos.exe"'
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\] 'Rmc-NT0JNG' = '"%ALLUSERSPROFILE%\Remcos\remcos.exe"'
- remcos.exe
- C:\users\public\vlkkqasyibgdtlsvhzbnyahry.bin
- %ALLUSERSPROFILE%\remcos\remcos.exe
- '45.##3.184.199':80
- '18#.#57.162.241':1303
- 'ge###ugin.net':80
- http://45.##3.184.199/encrypt.bin
- http://ge###ugin.net/json.gp
- '18#.#57.162.241':1303
- DNS ASK ge###ugin.net
- '%ALLUSERSPROFILE%\remcos\remcos.exe'