Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdvFTPSearchUpdate' = '%WINDIR%\autoupdate1.exe'
- '%WINDIR%\autoupdate1.exe'
- '%WINDIR%\autoupdate1.exe' (downloaded from the Internet)
- %WINDIR%\autoupdate1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\advftpupdate[1].exe
- 'www.ft##ot.net':80
- '21#.#33.108.156':80
- '20#.#6.232.182':80
- www.ft##ot.net/advftpupdate.exe
- 21#.#33.108.156/advsearchup.html
- DNS ASK www.ft##ot.net
- DNS ASK microsoft.com