Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4a80db4ba361a17d379f98f9a145369f' = '"%TEMP%\sysupdates.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4a80db4ba361a17d379f98f9a145369f' = '"%TEMP%\sysupdates.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\4a80db4ba361a17d379f98f9a145369f.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\sysupdates.exe' = '%TEMP%\sysupdates.exe:*:Enabled:sysupdates.e...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\sysupdates.exe" "sysupdates.exe" ENABLE
- '%TEMP%\sysupdates.exe'
- %TEMP%\sysupdates.exe
- 'te####loader.com':80
- 'wp#d':80
- http://te####loader.com/dr9w5/raw
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK te####loader.com
- DNS ASK wp#d