Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'explorer.exe' = '%APPDATA%\system32\explorer.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Microsoft" /XML "%TEMP%\z150"
- %APPDATA%\system32\explorer.exe
- %APPDATA%\Imminent\Logs\22-03-2017
- %APPDATA%\Microsoft.exe
- %TEMP%\z150
- %TEMP%\z150
- '10#.#96.24.58':1604