Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft .NET Framework' = '%APPDATA%\Microsoft\Windows\.NET Framework\taskhost32.exe'
- %APPDATA%\microsoft\windows\.net framework\taskhost32.exe
- %APPDATA%\microsoft\.net framework\corelib\winsr32.exe
- %APPDATA%\microsoft\windows\.net framework\taskhost32.exe
- %APPDATA%\microsoft\.net framework\corelib\winsr32.exe
- DNS ASK mm#####2.crabdance.com
- DNS ASK vi#########orever2013.jumpingcrab.com
- DNS ASK vi#########dhealthy2000.crabdance.com
- DNS ASK bu#######temenow.strangled.net
- DNS ASK re########012allin.servebeer.com
- '%APPDATA%\microsoft\.net framework\corelib\winsr32.exe'