Техническая информация
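- [<HKLM>\System\CurrentControlSet\Services\winserviceupdata.exe] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\winserviceupdata.exe] 'ImagePath' = '%LOCALAPPDATA%\yuntxtdata\winserviceupdata.exe' (исполняемый файл службы находится в профиле пользователя, а не в системном каталоге)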
- 'winserviceupdata.exe' %LOCALAPPDATA%\yuntxtdata\winserviceupdata.exe
- %HOMEPATH%\temp\client_cfg
- %LOCALAPPDATA%\yuntxtdata\winserviceupdata.exe
- %HOMEPATH%\temp\a4b20c6d81e6f82g.exe
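- 'ap#.##sjiekou.com':80 (символы «#» здесь и в адресах ниже, по-видимому, заменяют скрытую в источнике часть имени узла и параметров запроса; для точного сопоставления по этим индикаторам нужны полные значения)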
- 'cr##########wn.oss-cn-hangzhou.aliyuncs.com':80
- http://ap#.##sjiekou.com/api/count/softwareDown?pa########################################################################################
- http://ap#.##sjiekou.com/api/crxcount/crxedition?pa################################
- http://ap#.##sjiekou.com/api/data/insert_ip?pa#######################################
- http://ap#.##sjiekou.com/api/crxcount/startcrx?pa###########################################
- http://cr##########wn.oss-cn-hangzhou.aliyuncs.com/crx_data.json
- DNS ASK ap#.##sjiekou.com
- DNS ASK cr##########wn.oss-cn-hangzhou.aliyuncs.com
- '%LOCALAPPDATA%\yuntxtdata\winserviceupdata.exe'
- '%LOCALAPPDATA%\yuntxtdata\winserviceupdata.exe' 5
- '%HOMEPATH%\temp\a4b20c6d81e6f82g.exe' 2
- '%WINDIR%\syswow64\ctfmon.exe'