Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe %WINDIR%\virüs.exe'
- [HKCU\Software\Microsoft\Internet Account Manager]
- [HKLM\Software\Wow6432Node\Microsoft\Windows Mail]
- [HKCU\Software\Microsoft\Windows Mail]
- %WINDIR%\virГјs.exe
- %WINDIR%\virГјs.exe
- '34.##9.100.209':443
- DNS ASK sm##.gmail.com