Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUD2' = '%PROGRAM_FILES%\wauaclt.exe'
- %PROGRAM_FILES%\wauaclt.exe
- %PROGRAM_FILES%\wauaclt.exe
- 'rd##.#ompress.to':443
- '22#.#33.73.13':80
- '22#.#33.73.13':443
- 'mo##.#rabdance.com':80
- 'mo##.#rabdance.com':443
- 'rd##.#ompress.to':80
- 22#.#33.73.13/0000/a176593.asp
- rd##.#ompress.to/0000/a172734.asp
- mo##.#rabdance.com/0000/a168984.asp
- 22#.#33.73.13/0000/a187718.asp
- rd##.#ompress.to/0000/a184000.asp
- mo##.#rabdance.com/0000/a180250.asp
- 22#.#33.73.13/0000/a154406.asp
- rd##.#ompress.to/0000/a150265.asp
- mo##.#rabdance.com/0000/a133234.asp
- 22#.#33.73.13/0000/a165375.asp
- rd##.#ompress.to/0000/a161750.asp
- mo##.#rabdance.com/0000/a158046.asp
- DNS ASK rd##.#ompress.to
- DNS ASK mo##.#rabdance.com
- ClassName: 'Indicator' WindowName: ''