Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\updater.exe
- %HOMEPATH%\string1.txt
- %HOMEPATH%\py.bat
- 'pa###bin.com':443
- 'microsoft.com':80
- 'cd#.##scordapp.com':443
- 'py##on.org':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pa###bin.com
- DNS ASK microsoft.com
- DNS ASK cd#.##scordapp.com
- DNS ASK py##on.org
- '<SYSTEM32>\cmd.exe' /c %HOMEPATH%\py.bat