Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%ALLUSERSPROFILE%\SoundDriver\svchost.exe'
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\aut958a.tmp
- %TEMP%\test.a3x
- %TEMP%\aut9fb8.tmp
- %TEMP%\data.bin
- %TEMP%\auta026.tmp
- %TEMP%\sh.bin
- %TEMP%\image.png
- %ALLUSERSPROFILE%\sounddriver\svchost.exe
- %TEMP%\se.exe
- %APPDATA%\imminent\logs\19-10-2020
- %TEMP%\aut958a.tmp
- %TEMP%\aut9fb8.tmp
- %TEMP%\auta026.tmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- DNS ASK lo###.no-ip.info
- '%TEMP%\se.exe'
- '%TEMP%\se.exe' (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'