Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'NetWeaveClient' = '<SYSTEM32>\NetWeave\Client\Client.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1339FCFF-27AC-4C66-8D19-A8133699D552}] 'StubPath' = '<SYSTEM32>\NetWeave\Client\Client.exe'
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\syswow64\netweave\client\client.exe
- DNS ASK ho###.kaspyrsky.net
- '%WINDIR%\syswow64\cmd.exe'