Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Windows Update 4849939394' = '%WINDIR%\9808354813075381\winndce.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Windows Update 4849939394' = '%WINDIR%\9808354813075381\winndce.exe'
- %WINDIR%\9808354813075381\winndce.exe
- %WINDIR%\9808354813075381\winndce.exe
- '18#.#76.27.132':80
- DNS ASK ya##o.com
- '%WINDIR%\9808354813075381\winndce.exe'