Technical Information
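- Persistence: sets the following per-user autorun (Run key) values. The value names imitate the descriptions of legitimate Windows components, and the first one points to an extensionless file in %TEMP%, which is a useful detection cue.
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host Process for Setting Synchronization.exe' = '%TEMP%\K3SO7C0B'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Runtime Broker.exe' = '<Full path to file>'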
- %TEMP%\k3so7c0b
- <Full path to file>
- %TEMP%\k3so7c0b
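- Network activity: connection endpoints and DNS queries follow. The '#' characters in the hostnames appear to be masking applied by the report rather than literal characters, so match on the visible fragments. loca.lt is the domain of a public tunnelling service (localtunnel), so a workstation connecting to a subdomain of it is worth reviewing.
- 'ip#####.#hatismyipaddress.com':443
- 'microsoft.com':80
- 'lu#####abber.loca.lt':443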
- 'ip#####.#hatismyipaddress.com':443
- 'lu#####abber.loca.lt':443
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK microsoft.com
- DNS ASK lu#####abber.loca.lt
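- Executes the following commands, which read the machine's hardware UUID through WMIC (presumably to obtain a unique host identifier); the syswow64 paths indicate a 32-bit process on 64-bit Windows:
- '%WINDIR%\syswow64\cmd.exe' /c wmic csproduct get UUID
- '%WINDIR%\syswow64\wbem\wmic.exe' csproduct get UUID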