Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'sidebar' = '%APPDATA%\Sample.lnk'
- %APPDATA%\sample.lnk
- %APPDATA%\pl\<File name>.exe
- %APPDATA%\pl\<File name>.exe
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cmd.exe'