WinddowsUpdater Worm

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinddowsUpdater"="C:\\WinddowsUpdater\\WinddowsUpdater.exe \"C:\\WinddowsUpdater\\WinddowsUpdater.zip\""
"WinddowsUpdate"="C:\\WINDOWS\\system32\\cmd.exe /c start C:\\WinddowsUpdater\\WinddowsUpdater.exe \"C:\\WinddowsUpdater\\WinddowsUpdater.zip\" & exit"

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WinddowsUpdater = "C:\WinddowsUpdater\WinddowsUpdater.exe C:\WinddowsUpdater\WinddowsUpdater.zip"

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WinddowsUpdate = "C:\WinddowsUpdater\WinddowsUpdater.exe C:\WinddowsUpdater\WinddowsUpdater.zip"

In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinddowsUpdater = "C:\WinddowsUpdater\WinddowsUpdater.exe C:\WinddowsUpdater\WinddowsUpdater.zip"

In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinddowsUpdate = "C:\WinddowsUpdater\WinddowsUpdater.exe C:\WinddowsUpdater\WinddowsUpdater.zip"

run: shell:common startup

C:\WinddowsUpdater\WinddowsUpdater.exe "C:\WinddowsUpdater\WinddowsUpdater.zip"
C:\WINDOWS\system32\cmd.exe /c start C:\WinddowsUpdater\WinddowsUpdater.exe "C:\WinddowsUpdater\WinddowsUpdater.zip" & exit

run: (won't show up in explorer)
C:\WinddowsUpdater
C:\WinddowsUpdateCheck
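
A read-only check for the indicators listed above, as an added example that is not from the original page or the referenced write-ups. It looks only for the key names, value names and paths given here, and assumes the startup-folder entries are .lnk shortcuts.

```powershell
# Added example: read-only check for the indicators listed on this page.
$runKeys    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueNames = 'WinddowsUpdater', 'WinddowsUpdate'
$folders    = 'C:\WinddowsUpdater', 'C:\WinddowsUpdateCheck'
$findings   = @()

# 1. Run-key values with the names given on the page
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $valueNames) {
        $prop = $props.PSObject.Properties[$name]
        if ($prop) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = "$key\$name"; Detail = $prop.Value }
        }
    }
}

# 2. Folders. The page notes they do not show up in Explorer, so -Force is
#    used to include hidden and system items.
foreach ($folder in $folders) {
    $item = Get-Item -LiteralPath $folder -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'Folder'; Location = $item.FullName; Detail = [string]$item.Attributes }
    }
}

# 3. Common startup folder (shell:common startup). Assumption: entries are
#    .lnk shortcuts whose target or arguments reference C:\WinddowsUpdater.
$startup = [Environment]::GetFolderPath('CommonStartup')
if ($startup) {
    $shell = New-Object -ComObject WScript.Shell
    $links = Get-ChildItem -LiteralPath $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue
    foreach ($file in $links) {
        $lnk = $shell.CreateShortcut($file.FullName)   # opens the existing .lnk for reading
        $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        if ($cmd -like '*C:\WinddowsUpdater\*') {
            $findings += [pscustomobject]@{
                Type = 'StartupShortcut'; Location = $file.FullName; Detail = $cmd }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No listed indicators found.' }
```

HKCU is per user, so the HKCU check covers only the account the script runs under.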

Ref: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/WORM_RETADUP.A

Ref: https://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/