Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"<Full path to file>" ..'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"<Full path to file>" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\java update.exe
- 'ro######emotorcycles.com':80
- '3.###.125.175':10307
- http://ro######emotorcycles.com/decal/decal.txt
- '3.###.125.175':10307
- DNS ASK ro######emotorcycles.com