Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskhostws' = '"%APPDATA%\taskhost local files\taskhost.exe" '
- %APPDATA%\microsoft\windows\start menu\programs\startup\taskhostws.vbs
- <Current directory>\readme.xml2.txt
- <Current directory>\readme.xml3.txt
- <Current directory>\databackup.exe
- %APPDATA%\taskhost local files\taskhost.exe
- %APPDATA%\taskhost local files\readme.xml2.txt
- %APPDATA%\taskhost local files\readme.xml3.txt
- %APPDATA%\taskhost local files\data.exe
- <Current directory>\readme.pdf2.txt
- %APPDATA%\taskhost local files\license.txt
- 'mi###circle.com':80
- DNS ASK mi###circle.com
- DNS ASK xm#.##nercircle.com
- '%APPDATA%\taskhost local files\data.exe' local files\data.exe
- '%APPDATA%\taskhost local files\taskhost.exe' local files\taskhost.exe