Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fe343f3d3ca84968cfc92a2bca8ce5c9' = '"%APPDATA%\Windows Update.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fe343f3d3ca84968cfc92a2bca8ce5c9' = '"%APPDATA%\Windows Update.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\fe343f3d3ca84968cfc92a2bca8ce5c9.exe
- '%APPDATA%\Windows Update.exe'
- %APPDATA%\Windows Update.exe
- 'me###.publicvm.com':86
- DNS ASK me###.publicvm.com