Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'taskhost' = '<LS_APPDATA>\taskhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskhost' = '<LS_APPDATA>\taskhost.exe'
- '<LS_APPDATA>\taskhost.exe'
- %APPDATA%\Imminent\Logs\03-12-2017
- <LS_APPDATA>\taskhost.exe
- '13#.#9.226.55':11998