Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Updates' = '<SYSTEM32>\WinUpdate.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES] 'Windows Updates' = '<SYSTEM32>\WinUpdate.exe'
- <SYSTEM32>\LogMeIn.msi /quiet USERPASSWORD=p0rks0da USERVERIFYPWD=p0rks0da USEREMAIL=red9midnight@gmail.com USERWEBPASSWORD=p0rks0da LicenseType=free
- <SYSTEM32>\LogMeIn.msi (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\exec.bat
- <SYSTEM32>\LogMeIn.msi
- <SYSTEM32>\exec.bat
- <SYSTEM32>\here
- <SYSTEM32>\WinUpdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\LogMeIn[1].msi
- 'ze##uh.com':80
- 'localhost':1035
- ze##uh.com/LogMeIn.msi
- DNS ASK ze##uh.com