Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hhq' = '%ALLUSERSPROFILE%\Start Menu\Programs\sptf.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\zkos.eu.url
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\Imminent\Logs\03-12-2017
- %APPDATA%\Imminent\Monitoring\network.dat
- %APPDATA%\Imminent\Monitoring\system.dat
- %TEMP%\J3PvXC6aC.nE
- %APPDATA%\zkos\zkos.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\sptf.exe
- %TEMP%\aut1.tmp
- 'sh####m.duckdns.org':1800
- DNS ASK sh####m.duckdns.org