Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'namereg' = '%CommonProgramFiles%\install\update.exe'
- '%CommonProgramFiles%\start\updat2e.exe'
- '%CommonProgramFiles%\start\updat2e.exe' (downloaded from the Internet)
- %CommonProgramFiles%\start\updat2e.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2[1].exe
- %CommonProgramFiles%\start\updat2e.exe
- 'www.si###xcall.com':80
- www.si###xcall.com/2.exe
- DNS ASK www.si###xcall.com