Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\Rundll.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\SVCHOST_.exe'
- %WINDIR%\system\Rundll.exe
- %WINDIR%\system\SVCHOST_.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\microsoft[1]
- '20#.#6.232.182':80
- '<LOCALNET>.0.2':5060
- http://www.microsoft.com/ via 20#.#6.232.182
- '%WINDIR%\system\Rundll.exe'
- '%WINDIR%\system\SVCHOST_.exe'