Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '<SYSTEM32>\<File name>.exe'
- <SYSTEM32>\<File name>.exe
- '%TEMP%\dialup.exe' /stext %TEMP%\du.txt' (with hidden window)
- '%TEMP%\passwordfox.exe' /stext %TEMP%\firefox.txt' (with hidden window)
- '%TEMP%\mspass.exe' /stext %TEMP%\mess.txt' (with hidden window)
- '%TEMP%\iepv.exe' /stext %TEMP%\iepv.txt' (with hidden window)
- '%TEMP%\chromepass.exe' /stext %TEMP%\ChromePass.txt' (with hidden window)