Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters] 'ServiceDll' = '<SYSTEM32>\NWCWorkstationx.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\NWCWorkstation] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\NWCWorkstation] 'Start' = '00000002'
- <SYSTEM32>\wizlang.dat
- %TEMP%\msgl.bat
- <SYSTEM32>\samba.inf
- %TEMP%\0001DA6D
- <SYSTEM32>\auxtmp.dll
- <Full path to file>
- %TEMP%\0001DA6D
- from <SYSTEM32>\auxtmp.dll to <SYSTEM32>\NWCWorkstationx.dll
- '18#.#50.49.156':443
- '<SYSTEM32>\cmd.exe' /c %TEMP%\msgl.bat