Technical Information
- '<SYSTEM32>\schtasks.exe' /create /TN "Windows\Windows Fixer 1650 " /XML "%HOMEPATH%\AppData\Local\cS1V64tMRz\x"
- '%HOMEPATH%\AppData\Local\cS1V64tMRz\csrsst.exe'
- '%HOMEPATH%\AppData\Local\cS1V64tMRz\csrsst-t.exe'
- %HOMEPATH%\AppData\Local\cS1V64tMRz\XML.txt
- %HOMEPATH%\AppData\Local\cS1V64tMRz\x
- %APPDATA%\Imminent\Logs\28-07-2017
- %HOMEPATH%\AppData\Local\cS1V64tMRz\csrsst-t.exe
- %HOMEPATH%\AppData\Local\cS1V64tMRz\csrss.Text
- %HOMEPATH%\AppData\Local\cS1V64tMRz\MCconfig.dll
- %HOMEPATH%\AppData\Local\cS1V64tMRz\WindowsCodecsRaw.txt
- from %HOMEPATH%\AppData\Local\cS1V64tMRz\csrss.Text to %HOMEPATH%\AppData\Local\cS1V64tMRz\csrsst.exe
- '1.###gx.info':1337
- DNS ASK 1.###gx.info