Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'svchost' = '<Full path to file>'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7J1SOJ4D-DK37-NHK7-VA0E-3KOHLG31QX7M}] 'StubPath' = '"<Full path to file>"'
- <Current directory>\.identifier
- <Current directory>\.identifier
- 'microsoft.com':80
- 'oc##.thawte.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK microsoft.com
- DNS ASK pa######102.serveftp.com
- DNS ASK oc##.thawte.com
- '%WINDIR%\syswow64\cmd.exe'