Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6wKOGGPzXGAP3C50' = '%APPDATA%\FdSmzmQ47zwNhpcw\mSkY7YustScZ.exe'
- '%TEMP%\2.tmp\extd.exe' "/messagebox" "Title" "Press OK and wait" "" "" "" "" "" ""
- '%TEMP%\atBXz7ore4dwvAvo.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\3.bat" "%TEMP%\atBXz7ore4dwvAvo.exe""
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <Current directory>\el
- %APPDATA%\Imminent\Logs\01-11-2017
- %TEMP%\Z4vjJ4z2IqaF0aAa
- %APPDATA%\FdSmzmQ47zwNhpcw\mSkY7YustScZ.exe
- %TEMP%\atBXz7ore4dwvAvo.exe
- 'gu######riot.duckdns.org':9333
- DNS ASK gu######riot.duckdns.org