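Technical Information
The entries below are indicators recorded for this sample. The section labels that originally grouped them are not present on this page, so the role of an entry can be read only from the entry itself.
The Run-key value, the Startup-folder items and the schtasks command (a task named "Windows Service Host" that runs every minute) are all auto-start mechanisms. The Run key and the task both launch %APPDATA%\windowsupdate.exe.
RegAsm.exe at the listed path is the legitimate .NET Framework utility, so the path alone is not an indicator; presumably it is listed because the sample touches or launches it.
The address before :8989 is partially masked in the source.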
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wninni.exe' = '%APPDATA%\windowsupdate.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\windows_services.exe.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\sysLaunch.exe.URL
- %HOMEPATH%\Start Menu\Programs\Startup\win_svc.exe.js
- %HOMEPATH%\Start Menu\Programs\Startup\winin.exe
- %HOMEPATH%\Start Menu\Programs\Startup\winin.exe.vbs
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- %APPDATA%\windowsupdate.exe
- %TEMP%\bKuSAtYBx.txt
- %APPDATA%\windowsupdate.exe
- <Full path to file>
- '15#.#25.78.205':8989
- '%APPDATA%\windowsupdate.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Windows Service Host" /tr "%APPDATA%\windowsupdate.exe"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'