Sends a POST request to a hardcoded C2 URL containing an encoded string of the victim's system data.
Unusual HTTP traffic to .top , .pw , or .site domains. sc25667-IMPv10403.rar
Suspicious instances of svchost.exe or werfault.exe spawned from unexpected directories. Sends a POST request to a hardcoded C2