Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\Microsoft\Windows Update.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe %APPDATA%\Microsoft\Windows Update.exe'
- C:\fichiercrypter.exe
- %APPDATA%\microsoft\windows update.exe
- http://ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org
- DNS ASK sm##.gmail.com
- 'C:\fichiercrypter.exe'