Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OsrSbot' = '%APPDATA%\2nevAsPhdOUz3Zwd\viHZiII5U2tX.exe'
- %APPDATA%\Imminent\Logs\15-12-2017
- %APPDATA%\2nevAsPhdOUz3Zwd\viHZiII5U2tX.exe
- %APPDATA%\2nevAsPhdOUz3Zwd\viHZiII5U2tX.exe
- 'ma######age3.crabdance.com':84
- DNS ASK ma######age3.crabdance.com