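Technical Information (the '#' characters in the IP addresses and host names below appear to mask characters of the original values, so those entries are partial indicators rather than exact ones)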
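- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IDT' = '%ALLUSERSPROFILE%\IDT\svchost.exe' (a per-user autorun entry; the target is named svchost.exe but is located under %ALLUSERSPROFILE%\IDT rather than <SYSTEM32>, where the genuine Windows svchost.exe resides)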
- %ALLUSERSPROFILE%\idt\svchost.exe
- '2.###.130.23':443
- 'microsoft.com':80
- 'to###.keycdn.com':443
- 'ap#.#pify.org':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- '2.###.130.23':443
- 'to###.keycdn.com':443
- 'ap#.#pify.org':443
- DNS ASK microsoft.com
- DNS ASK to###.keycdn.com
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\idt\svchost.exe'
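- '<SYSTEM32>\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v IDT /t REG_EXPAND_SZ /d "%PROGRAMDATA%\IDT\svchost.exe" /f
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v IDT /t REG_EXPAND_SZ /d "%ALLUSERSPROFILE%\IDT\svchost.exe" /f
  (both commands write the same per-user Run value 'IDT'; on Windows Vista and later, %PROGRAMDATA% and %ALLUSERSPROFILE% normally resolve to the same directory, so both point to the same file)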