Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'Host Process for Windows Services' = '%HOMEPATH%\msdata\network.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host Process for Windows Services' = '%HOMEPATH%\msdata\network.exe'
- %HOMEPATH%\msdata\svchost.exe
- %HOMEPATH%\msdata\network.exe
- %HOMEPATH%\msdata\svchost.exe
- %HOMEPATH%\msdata\network.exe
- from %TEMP%\ose00000.exe to %TEMP%\tep512366
- http://ap#.##pmania.com/
- http://os##ec.com/bot.php?ip#################################################################################################
- http://os##ec.com/logs.php?da######################################################################################
- DNS ASK ap#.##pmania.com
- DNS ASK os##ec.com
- '%HOMEPATH%\msdata\svchost.exe'
- '<SYSTEM32>\cmd.exe' /k <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f' (with hidden window)
- '<SYSTEM32>\cmd.exe' /k <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f