Техническая информация
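- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '%HOMEPATH%\svchost.exe' (параметр автозапуска в ветке Run текущего пользователя; подлинный svchost.exe находится в <SYSTEM32>, поэтому одноимённый файл в %HOMEPATH% — признак маскировки под системный процесс)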
- '%TEMP%\1.tmp\IQexaminarabic.exe'
- '%HOMEPATH%\svchost.exe'
- '<SYSTEM32>\attrib.exe' +h +s %HOMEPATH%\svchost.exe (файлу присваиваются атрибуты «скрытый» и «системный»)
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MicroUpdate /t reg_sz /d %HOMEPATH%\svchost.exe /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\run - Copy55.bat""
- '<SYSTEM32>\xcopy.exe' /q /y svchost.exe %HOMEPATH%\
- %TEMP%\1.tmp\svchost.exe
- %HOMEPATH%\svchost.exe
- %TEMP%\1.tmp\run - Copy55.bat
- %TEMP%\1.tmp\IQexaminarabic.exe
- %HOMEPATH%\svchost.exe
- %TEMP%\1.tmp\run - Copy55.bat
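- 'yo####u.no-ip.info':4000 (в исходном тексте часть имени узла скрыта символами ####, поэтому точное имя из этой записи восстановить нельзя; no-ip.info — домен службы динамического DNS)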
- DNS ASK yo####u.no-ip.info
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'