Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wVJIA' = '%ALLUSERSPROFILE%\NetSrv2.0\Data\credwiz.exe'
- '%ALLUSERSPROFILE%\netsrv2.0\data\credwiz.exe'
- %ALLUSERSPROFILE%\netsrv2.0\data\credwiz.exe
- %ALLUSERSPROFILE%\netsrv2.0\data\duser.dll
- 'mo##lla.org':443
- 'x.##2.us':80
- 'microsoft.com':80
- http://x.##2.us/x.cer
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'mo##lla.org':443
- DNS ASK tr###-info.net
- DNS ASK mo##lla.org
- DNS ASK x.##2.us
- DNS ASK microsoft.com