Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Updater' = '<SYSTEM32>\update\wuauclt.exe'
- User Account Control (UAC)
- <SYSTEM32>\update\wuauclt.exe
- <SYSTEM32>\update\old.dat
- <SYSTEM32>\update\PID
- <SYSTEM32>\update\wuauclt.exe
- <SYSTEM32>\update\PID
- <Full path to file>
- <SYSTEM32>\update\old.dat
- 'ir#.##eenode.net':6667
- DNS ASK www.google.com
- DNS ASK ir#.##eenode.net
- '<SYSTEM32>\update\wuauclt.exe'