Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'root\' = '%APPDATA%\root\omjrgHAt.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '<SYSTEM32>\cmd.exe' /C move /y "%TEMP%\omjrgHAt.exe.lnk" "%HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\omjrgHAt.exe.lnk"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\Imminent\Logs\12-10-2017
- %APPDATA%\root\omjrgHAt.exe
- %TEMP%\omjrgHAt.exe.lnk
- 'ne####s225.ddns.net':11000
- DNS ASK ne####s225.ddns.net