Pattern M

Ports	Infection Listen Egg-download Upload usually 445 135 (100%) 500 (100%) 1026 (100%) 1027 (100%) 445 (47%) 80 (82%) 1031 (35%) 80 (76%) 1029 (41%) 1031 (41%)
Filenames	Processes a.exe (65%)
Registry keys	HKEY_LOCAL_MACHINE@...Microsoft\DownloadManager (100%) HKEY_USERS@...InternetSettings\5.0 (100%) HKEY_USERS@...InternetSettings\Connections (100%) HKEY_USERS@...CurrentVersion\Run (65%)
Snort IDs	1:99913 (100%) 1:2466 (88%) 1:3000003 (88%) 1:2001683 (76%) 555:5555005 (35%)
Static analysis	MD5 7471d2226179e771417d623e1e4d7dc2 (18%)