Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cmd' = '%APPDATA%\cmd\Service Update.exe'
- %APPDATA%\isolatedstorage\url.3hyks3m30zaawaroyvq5iiquxevm1vbl\identity.dat
- %APPDATA%\cmd\service update.exe
- %APPDATA%\isolatedstorage\url.k4ygdtzwfrrc4fsam1z0rh25qbnoboib\identity.dat
- '<LOCALNET>.1.6':9001
- '%APPDATA%\cmd\service update.exe'
- '%WINDIR%\syswow64\cmd.exe'