Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\net1.exe' start winevent
- '<SYSTEM32>\net1.exe' stop winevent
- '<SYSTEM32>\net.exe' stop winevent
Modifies file system:
Creates the following files:
- <SYSTEM32>\winevents.exe