Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\stkrzhjk.lnk
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\osillzcwxbsr\5059.xml
- %WINDIR%\syswow64\.identifier
- %WINDIR%\syswow64\.identifier
- from %APPDATA%\osillzcwxbsr\5059.xml to %APPDATA%\osillzcwxbsr\tq1vb72t6bix.exe
- 'microsoft.com':80
- '46.##6.161.71':3360
- 'oc##.thawte.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- DNS ASK oc##.thawte.com
- '%WINDIR%\syswow64\svchost.exe'