Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1644491937-1303643608-725345543-1003\Software\Microsoft\instkey
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $779C9C0D] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP
Virtumonde: [SBI $FD08B4B7] Configuration file (File, fixed)
C:\WINDOWS\system32\uvDNmnpo.ini2
Virtumonde: [SBI $2A2DCEAC] Configuration file (File, fixed)
C:\WINDOWS\system32\uvDNmnpo.ini