Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'blablaProduct' = '%APPDATA%\openclean.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- %APPDATA%\Imminent\Logs\01-11-2017
- %APPDATA%\Imminent\Monitoring\system.dat
- %APPDATA%\Imminent\Monitoring\network.dat
- %TEMP%\aut1.tmp
- %TEMP%\eljiqgv
- %APPDATA%\openclean.exe
- %APPDATA%\openclean.exe
- %TEMP%\eljiqgv
- %TEMP%\aut1.tmp
- 'sh####m.duckdns.org':1800
- DNS ASK sh####m.duckdns.org