Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\SynTPHelper.exe'
- '' (downloaded from the Internet)
- %APPDATA%\SynTPHelper.exe
- 'ch####xchange.org':80
- http://ch####xchange.org/SynTPHelper.exe
- DNS ASK ch####xchange.org
- '%APPDATA%\SynTPHelper.exe'