by ?
text string "AICORE" is visible in the executable
Backdoor.Afcore.c: dropped files: c:\WINDOWS\SYSTEM\xxxxxx.DLL size: 20.480 bytes c:\WINDOWS\TEMP\xxxxxxx.dll size: 20.480 bytes c:\WINDOWS\TEMP\xxxxxxx.exe size: 36.865 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "xxxxxxx" data: "C:\WINDOWS\SYSTEM\xxxxxxx.exe" "xxxxxxx" are random charackters does try to connect to a site in RussiaMegaSecurity