Technical Information
- '' (downloaded from the Internet)
- '%HOMEPATH%\documents\todxofs.exe'
- <SYSTEM32>\wermgr.exe
- %HOMEPATH%\documents\todxofs.exe
- %TEMP%\log1b6f.tmp
- %TEMP%\log1b6f.tmp
- '5.#.81.68':443
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK po##.works
- DNS ASK oc##.thawte.com
- '%HOMEPATH%\documents\todxofs.exe' (with hidden window)
- '<SYSTEM32>\wermgr.exe' (with hidden window)
- '<SYSTEM32>\wermgr.exe'