Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Core Default' = '%APPDATA%\crdflt\cordefile.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\bnIEouZIra\ye9x7i.vbs"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '<SYSTEM32>\rundll32.exe' ysgn.dll sx
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\lol.bin
- %APPDATA%\crdflt\cordefile.exe
- %APPDATA%\Imminent\Logs\02-12-2017
- %HOMEPATH%\bnIEouZIra\ye9x7i.vbs
- %HOMEPATH%\bnIEouZIra\x
- %HOMEPATH%\bnIEouZIra\ysgn.dll
- '<L####NET>.0.100':30599
- ClassName: 'EDIT' WindowName: ''