Technical Information
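- %TEMP%\svchost.exe (not the Windows system file: the genuine svchost.exe is located in <SYSTEM32>; this path is the binPath of the service created below)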
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\desktop\vo lam viet.lnk
- http://at####.s2lol.com/action200.php
- http://at####.s2lol.com/svchost.exe
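- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (legitimate Microsoft certificate URL; presumably requested by Windows certificate validation, which would match the CryptnetUrlCache entries above, so it is not a useful indicator on its own)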
- DNS ASK s2##l.com
- DNS ASK up####.volamvietpk.net
- DNS ASK at####.s2lol.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose (reads the current Microsoft Defender preference settings)
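- '<SYSTEM32>\sc.exe' create "NetworkService" DisplayName= "Host Process for Windows Services" binPath= "%TEMP%\svchost.exe" (registers the file in %TEMP% as a service; the display name copies the description of the genuine svchost.exe)
- '<SYSTEM32>\sc.exe' config NetworkService start= auto (the service starts automatically at boot)
- '<SYSTEM32>\sc.exe' failure NetworkService reset= 60 actions= restart/0/restart/0/restart/0 (the service is restarted with no delay after each failure; the failure counter resets after 60 seconds)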