Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FREELANCE' = '%APPDATA%\FREELANCE\FREELANCE.exe'
- '<Full path to file>'
- '<SYSTEM32>\schtasks.exe' /Create /TN "2017 attorneys data\2017 attorneys data" /XML "%APPDATA%\2017 attorneys data\akkkkk.xml"
- %APPDATA%\Imminent\Logs\04-12-2017
- %APPDATA%\Imminent\Monitoring\network.dat
- %APPDATA%\Imminent\Monitoring\system.dat
- %APPDATA%\2017 attorneys data\2017 attorneys data.exe
- %APPDATA%\2017 attorneys data\akkkkk.xml
- %APPDATA%\FREELANCE\FREELANCE.exe
- %APPDATA%\2017 attorneys data\akkkkk.xml
- '17#.#54.223.70':9002