Technical Information
- '<SYSTEM32>\svchost.exe' netsvcs
- <SYSTEM32>\svchost.exe
- %TEMP%\9.tmp
- %TEMP%\8.tmp
- %TEMP%\7.tmp
- %TEMP%\A.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A
- %TEMP%\B.tmp
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- C:\{F7B8F938-44CA-4AF5-82D5-8EFB5A7FD6B0}.log
- %TEMP%\6.tmp
- %TEMP%\~TM5.tmp
- %TEMP%\~TM4.tmp
- %TEMP%\8.tmp
- %TEMP%\7.tmp
- %TEMP%\9.tmp
- %TEMP%\B.tmp
- %TEMP%\A.tmp
- %TEMP%\6.tmp
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- %TEMP%\3.tmp
- %TEMP%\~TM5.tmp
- %TEMP%\~TM4.tmp
- '20#.#6.232.182':80
- 'wp#d':80
- '<Private IP address>':80
- wp#d/wpad.dat
- 20#.#6.232.182/pki/crl/products/WinIntPCA.crl
- <Private IP address>/geter/index_.php?cm###########################################################################
- <Private IP address>/geter/index_.php?cm##################################################
- <Private IP address>/geter/index_.php?cm###############################################################################################
- DNS ASK crl.microsoft.com
- DNS ASK wp#d