Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '930E350DF081E30C775A40D63BFB1EB46067DA49' = '%LOCALAPPDATA%\Microsoft\Windows\930E350DF081E30C775A40D63BFB1EB46067DA49.exe'
- %LOCALAPPDATA%\21bd45c8af002758fdbed030d0c28995fcafb5d5.png
- from <Full path to file> to %LOCALAPPDATA%\microsoft\windows\930e350df081e30c775a40d63bfb1eb46067da49.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK di###rdapp.com
- DNS ASK microsoft.com