Technical Information
- '%TEMP%\Windows update.exe'
- '%TEMP%\Windows update.exe' (downloaded from the Internet)
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- %TEMP%\Windows update.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\Windows_update[1].exe
- %TEMP%\Windows update.exe
- 'rg##st.ru':80
- rg##st.ru/download/50392774/790387da9af9dab9f6a70371dd96cf39003fa59b/Windows_update.exe
- DNS ASK rg##st.ru