Technical Information
- %WINDIR%\winhlp32.exe
- %TEMP%\dynwrapx.dll
- 'microsoft.com':80
- 'co#####evito.no-ip.org':10000
- 'oc##.thawte.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK microsoft.com
- DNS ASK co#####evito.no-ip.org
- DNS ASK oc##.thawte.com
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%WINDIR%\syswow64\regsvr32.exe' /I /S "%TEMP%\dynwrapx.dll" (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' //b //e:vbscript "<PATH_SAMPLE>.vbs"
- '%WINDIR%\syswow64\regsvr32.exe' /I /S "%TEMP%\dynwrapx.dll"
- '%WINDIR%\winhlp32.exe'