Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\leadslined.lnk
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %APPDATA%\leadslined.exe
- %HOMEPATH%\leadslined.vbs
- %APPDATA%\597d9903-ea81-40e6-803a-40d3e5258fa4\run.dat
- %HOMEPATH%\leadslined.vbs
- 'im#####.speedfastmaking.com':1111
- 'localhost':1111
- DNS ASK im#####.speedfastmaking.com
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\leadslined.vbs
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\leadslined.vbs (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'