23819.rar -

Machine name, IP address, and hardware configurations.

The executable launches and frequently uses "Process Hollowing" to inject malicious code into legitimate Windows processes (like vbc.exe or RegAsm.exe ). 23819.rar

It modifies the Windows Registry (specifically the Run or RunOnce keys) to ensure the malware restarts every time the computer boots up. Machine name, IP address, and hardware configurations