Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HijackThis' = '<Full path to file>'
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020030820200309\index.dat
- http://bo####.4chan.org/b/
- http://www.om##le.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK li#####cams.fileave.com
- DNS ASK bo####.4chan.org
- DNS ASK x4##an.org
- DNS ASK kr##i.net
- DNS ASK om##le.com