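Техническая информация
(Список приведён без подзаголовков групп; повторяющиеся пути, вероятно, относятся к разным действиям над одними и теми же файлами — это следует уточнить по первоисточнику.)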
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%\bqt\bun.pif %APPDATA%\bqt\tkd.crw'
- RegSvcs.exe
- %APPDATA%\bqt\pva.icm
- %APPDATA%\bqt\tkd.crw
- %APPDATA%\bqt\bun.pif
- %APPDATA%\bqt\wfh.ico
- %APPDATA%\bqt\waa.jpg
- %APPDATA%\bqt\pul
- %TEMP%\Cab1.tmp
- %APPDATA%\bqt\GGJGU
- %TEMP%\RegSvcs.exe
- %APPDATA%\bqt\bun.pif
- %APPDATA%\bqt\GGJGU
- %APPDATA%\bqt\pul
- %APPDATA%\bqt\pva.icm
- %APPDATA%\bqt\tkd.crw
- %APPDATA%\bqt\waa.jpg
- %APPDATA%\bqt\wfh.ico
- %TEMP%\Cab1.tmp
- %APPDATA%\bqt\GGJGU
- 'wp#d':80
- 'download.windowsupdate.com':80
- 'cr#.##obalsign.net':80
- 'do######on12345.ddns.net':12345
- http://11#.#11.111.1/wpad.dat via wp#d
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt via download.windowsupdate.com
- http://cr#.##obalsign.net/Root.crl
- http://cr#.##obalsign.net/primobject.crl
- http://cr#.##obalsign.net/ObjectSign.crl
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab via download.windowsupdate.com
- DNS ASK wp#d
- DNS ASK www.download.windowsupdate.com
- DNS ASK cr#.##obalsign.net
- DNS ASK www.google.com
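- DNS ASK do######on12345.ddns.net
  (Примечание: обращения к download.windowsupdate.com и к URL с файлами .crl похожи на штатную проверку сертификатов Windows, а запрос wpad.dat — на автообнаружение прокси. Из перечисленных адресов нетипичным для системы выглядит только хост на ddns.net с портом 12345. Имена, замаскированные символами '#', нельзя использовать как точные индикаторы.)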
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\bqt\bun.pif' tkd.crw Bahi Bahi Bahi Bahi Bahi
- '%APPDATA%\bqt\bun.pif' %APPDATA%\bqt\GGJGU
- '%TEMP%\RegSvcs.exe'