Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ucrtupd] 'Start' = '00000002'
- <SYSTEM32>\ucrtupd.exe frun "n4ILpmBGl9"
- <SYSTEM32>\net1.exe stop "ucrtupd"
- <SYSTEM32>\net1.exe start "ucrtupd"
- <SYSTEM32>\net.exe stop "ucrtupd"
- <SYSTEM32>\cmd.exe /c %TEMP%\setup.bat
- <SYSTEM32>\ping.exe -n 5 localhost
- <SYSTEM32>\ucrtupd.exe
- %TEMP%\setup.bat
- 'www.da###ada.com':80
- www.da###ada.com/comps/conf.txt
- DNS ASK www.da###ada.com