Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'C02C69BAC5754CA2F4645C93A171441A9F4B20D7' = '%LOCALAPPDATA%\Microsoft\Windows\C02C69BAC5754CA2F4645C93A171441A9F4B20D7.exe'
- <SYSTEM32>\tasks\svchost
- %HOMEPATH%\documents\idf.txt
- from <Full path to file> to %LOCALAPPDATA%\microsoft\windows\c02c69bac5754ca2f4645c93a171441a9f4b20d7.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ix##re.xyz
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK microsoft.com
- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "%LOCALAPPDATA%\Microsoft\Windows\C02C69BAC5754CA2F4645C93A171441A9F4B20D7.exe" /rl HIGHEST /f