Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Win_update.lnk
- <LS_APPDATA>\Win_update\Win_update.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MZВђ[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getGEO[1].php
- 'localhost':1042
- 'bi#####processing.com':80
- 'hy######stall.appspot.com':80
- 'st#####.googleapis.com':80
- hy######stall.appspot.com/nuSoapClient/getStatusInstalled/0/0/4/0/6/0/0/0/Empty%20XML,%20GEO=MZ/MZ/5/5e54147a3b317e14baa5a2b0a8c8ed12ea483b73/10.0.0.2/Windows%20XP%20SP2%2032bit
- hy######stall.appspot.com/nuSoapClient/getStatusInstalled/0/0/4/0/5/0/0/0/%20no%20offers%20totally%20for%20this%20GEO-ID%20No%20offers%20found%20for%20install!/MZ/5/5e54147a3b317e14baa5a2b0a8c8ed12ea483b73/10.0.0.2/Windows%20XP%20SP2%2032bit
- bi#####processing.com/download/win_update.exe
- hy######stall.appspot.com/getGEO.php
- hy######stall.appspot.com/nuSoapClient/getPublisherGEOOffersGenXML/0/MZ/0/8f2fc8a4-fe24-49cb-a754-65550e74293c/4
- st#####.googleapis.com/offers_xml/MZ??
- DNS ASK bi#####processing.com
- DNS ASK st#####.googleapis.com
- DNS ASK hy######stall.appspot.com