Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winuptodate' = '%WINDIR%\winuptodate.exe'
- '%WINDIR%\winuptodate.exe'
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v winuptodate /d %WINDIR%\winuptodate.exe /f
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /d .exe; /f
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe;'
- %WINDIR%\winuptodate.exe
- 'www.xx###harmed.com':80
- www.xx###harmed.com/register.php?PC#############
- DNS ASK www.xx###harmed.com