Technical Information
- %WINDIR%\tasks\passwordmash.job
- <SYSTEM32>\tasks\passwordmash
- %ALLUSERSPROFILE%\{9cf3aead-3fb7-7f31-9cf3-3aead3fbbab4}\<File name>.exe
- %ALLUSERSPROFILE%\{9cf3aead-3fb7-7f31-9cf3-3aead3fbbab4}\<File name>.dat
- 'gr###model.biz':80
- 'ce####-ring.link':80
- DNS ASK gr###model.biz
- DNS ASK ce####-ring.link