Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ExplorerUpdate' = '%APPDATA%\Microsoft\Windows\Templates\<File name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MsnUpdate' = '%APPDATA%\Microsoft\<File name>.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %TEMP%\_ininsep.vbs
- %TEMP%\_ininsep2.vbs
- %APPDATA%\microsoft\windows\templates\<File name>.exe
- %APPDATA%\microsoft\<File name>.exe
- %TEMP%\_ininsep.vbs
- %TEMP%\_ininsep2.vbs
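- DNS query (DNS ASK) for bu###.no-ip.org, a dynamic-DNS hostname (shown partially masked with #)
- DNS query (DNS ASK) for ki####2.zapto.org, a dynamic-DNS hostname (shown partially masked with #)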
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_ininsep.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_ininsep2.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_ininsep.vbs" (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_ininsep2.vbs" (with hidden window)