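Technical Information
The entries below are artefacts recorded for this sample, listed without section labels: scheduled-task entries and other file-system paths, network endpoints and requests, and executed command lines. Characters shown as # appear to be masked in the source report, so the host names and the URL are partial indicators and cannot be matched literally.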
- <SYSTEM32>\tasks\csrss
- <SYSTEM32>\tasks\taskhost
- <SYSTEM32>\tasks\lsass
- C:\documents and settings\csrss.exe
- C:\documents and settings\886983d96e3d3e31032c679b2d4ea91b6c05afef
- <SYSTEM32>\xactengine2_3\taskhost.exe
- <SYSTEM32>\xactengine2_3\b75386f1303e64d8139363b71e44ac16341adf4e
- <Current directory>\lsass.exe
- <Current directory>\6203df4a6bafc7c328ee7f6f8ca0a8a838a8a1b9
- 'ct####3.tmweb.ru':80
- 'ip##fo.io':443
- http://ct####3.tmweb.ru/linegameApiuniversal.php?I7##############################################################################################################################################...
- DNS ASK ct####3.tmweb.ru
- DNS ASK ip##fo.io
- '<Current directory>\lsass.exe'
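Persistence: each of the three commands below registers a scheduled task that starts at logon (/sc ONLOGON) with the highest available privileges (/rl HIGHEST) and overwrites any existing task of the same name (/f). The task names and target executables borrow the names of Windows system processes (csrss, taskhost, lsass), but the targets sit outside the System32 root, which is the point to check when triaging such tasks.
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'C:\Documents and Settings\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "taskhost" /sc ONLOGON /tr "'<SYSTEM32>\xactengine2_3\taskhost.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsass" /sc ONLOGON /tr "'<Current directory>\lsass.exe'" /rl HIGHEST /f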