Техническая информация
Для обеспечения автозапуска и распространения
Создает или изменяет следующие файлы
- <SYSTEM32>\tasks\software updater skipuac(user)
- <SYSTEM32>\tasks\software updater scheduler
- <SYSTEM32>\tasks\su_autoupdate
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\taskkill.exe' -f -im SoftwareUpdater.exe
- '%WINDIR%\syswow64\taskkill.exe' -f -im SUInit.exe
Внедряет код в
следующие системные процессы:
- %WINDIR%\explorer.exe
Патчит код
в динамической библиотеке
- Процесс softwareupdater.exe, модуль vcl120.bpl
- Процесс carescan.exe, модуль vcl120.bpl
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\aut6bc5.tmp
- %TEMP%\ghost\banner.jpg
- %TEMP%\ghost\setup.exe
- %TEMP%\is-ablqj.tmp\setup.tmp
- %TEMP%\is-tsbbl.tmp\_isetup\_setup64.tmp
- %TEMP%\is-tsbbl.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-tsbbl.tmp\rdzone.dll
- %TEMP%\is-tsbbl.tmp\inno_english.lng
- %TEMP%\is-tsbbl.tmp\suinit.exe
- %TEMP%\is-tsbbl.tmp\suinstaller\suinitrun.exe
- %ALLUSERSPROFILE%\iobit\install.ini
- %APPDATA%\iobit\software updater\main.ini
- %APPDATA%\iobit\software updater\log\2026-03-01.dbg
- %ProgramFiles(x86)%\iobit\software updater\is-soqvo.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-l962d.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-5am71.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-50aia.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-cfafu.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-ilkud.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-v079v.tmp
- %ProgramFiles(x86)%\iobit\software updater\database\is-kn1k3.tmp
- %ProgramFiles(x86)%\iobit\software updater\database\is-cb5nr.tmp
- %ProgramFiles(x86)%\iobit\software updater\database\is-vj50t.tmp
- %ProgramFiles(x86)%\iobit\software updater\icons\is-m9utg.tmp
- %ProgramFiles(x86)%\iobit\software updater\icons\is-otroo.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-6usu6.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-jsvbm.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-9a2ac.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-20bc2.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-883to.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-5pv4f.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-40hda.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-kj7tp.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-am859.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-1tvl1.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-6icn3.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-eoc1j.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-eu6nf.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-ncab3.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-flrce.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-1rjfb.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-rb2b5.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-bb4oe.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-cjh63.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-8op2n.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-8rpb1.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-fnuip.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-ockgr.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-9qkrf.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-atrlr.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-0cvjt.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-rm4de.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-s2ptc.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-7l0uc.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-i7lph.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-6ougj.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-fakg6.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-tvubb.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-8035e.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-77533.tmp
- %ProgramFiles(x86)%\iobit\software updater\language\is-ud7vk.tmp
- %ProgramFiles(x86)%\iobit\software updater\skin\is-v9snh.tmp
- %ProgramFiles(x86)%\iobit\software updater\skin\is-81btb.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-2m51l.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-racre.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-9pehl.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-mj4b1.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-8drt1.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-ciend.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-pc5sg.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-03us7.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-istq1.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-rbab9.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-cfaeq.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-74q2m.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-r1rha.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-pubip.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-25fj9.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-h5ek5.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-6p8fm.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-hvbdl.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-v9a8o.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-m1tad.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-410lt.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-hsdvm.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-ft71t.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-tgt35.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-a0eom.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-p70gk.tmp
- %ProgramFiles(x86)%\iobit\software updater\is-2o05g.tmp
- %ProgramFiles(x86)%\iobit\software updater\update\is-u3906.tmp
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-25i0q.tmp
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-b5nc6.tmp
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-3ujea.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\iobit software updater\iobit software updater.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\iobit software updater\uninstall iobit software updater.lnk
- C:\users\public\desktop\iobit software updater.lnk
- %ProgramFiles(x86)%\iobit\software updater\unins000.msg
- %ProgramFiles(x86)%\iobit\software updater\unins000.dat
- %ALLUSERSPROFILE%\pdinst.ini
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\iobit software updater.lnk
- %ALLUSERSPROFILE%\iobit\iobitrtt\surtt.ept
- %LOCALAPPDATA%low\iobit\ac.ini
- %TEMP%\st.dbd
- %ALLUSERSPROFILE%\productdata3\statcache3.db
- %ALLUSERSPROFILE%\productdata3\isu\isu8stat3.ini
- %ALLUSERSPROFILE%\productdata3\statcache3.po
- %TEMP%\su.cfg.ini
- %ProgramFiles(x86)%\iobit\software updater\scandata\config.ini
- %LOCALAPPDATA%low\iobit\aupdate.ini
- %ProgramFiles(x86)%\iobit\software updater\database\opt.dbd
- %ProgramFiles(x86)%\iobit\software updater\database\reg.dbd
- %ProgramFiles(x86)%\iobit\software updater\database\pritemp.dbd
- %TEMP%\temp\zlb1592.tmp
- %ProgramFiles(x86)%\iobit\software updater\update\update.ini.tmp
- %APPDATA%\iobit\software updater\autolog\2026-03-01.dbg
- %ProgramFiles(x86)%\iobit\software updater\update\update.ini
- %TEMP%\smarinfotemp.dbd
- %ProgramFiles(x86)%\iobit\software updater\update\temp\update\expslist.dat
- %ProgramFiles(x86)%\iobit\software updater\database\smarupdateinfo.dbd
- %TEMP%\smarupdateinfo.dbd
- %TEMP%\aut3a42.tmp
- %TEMP%\ghost\version.dll
- %ProgramFiles(x86)%\iobit\software updater\version.dll
- %ProgramFiles(x86)%\iobit\software updater\regdemoscan.log
- %TEMP%\zlb5115.tmp
- %TEMP%\zlb5136.tmp
- %TEMP%\zlb5156.tmp
- %TEMP%\zlb5157.tmp
- %ProgramFiles(x86)%\iobit\software updater\regrunlog.log
- %TEMP%\ascsr.del
- %ProgramFiles(x86)%\iobit\software updater\zlb7664.tmp
- %ProgramFiles(x86)%\iobit\software updater\zlb7675.tmp
- %ProgramFiles(x86)%\iobit\software updater\zlb7676.tmp
- %TEMP%\temp\zlb7b78.tmp
- %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\places.sqlite-shm
Удаляет файлы, которые сам же создал
- %TEMP%\aut6bc5.tmp
- %TEMP%\is-tsbbl.tmp\inno_english.lng
- %TEMP%\is-tsbbl.tmp\rdzone.dll
- %TEMP%\is-tsbbl.tmp\suinit.exe
- %TEMP%\is-tsbbl.tmp\suinstaller\suinitrun.exe
- %TEMP%\is-tsbbl.tmp\_isetup\_setup64.tmp
- %TEMP%\is-tsbbl.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-ablqj.tmp\setup.tmp
- %ALLUSERSPROFILE%\productdata3\statcache3.po
- %TEMP%\temp\zlb1592.tmp
- %ProgramFiles(x86)%\iobit\software updater\update\update.ini.tmp
- %TEMP%\smarinfotemp.dbd
- %TEMP%\aut3a42.tmp
- %TEMP%\zlb5115.tmp
- %TEMP%\zlb5136.tmp
- %TEMP%\zlb5156.tmp
- %TEMP%\zlb5157.tmp
- %TEMP%\ascsr.del
- %ProgramFiles(x86)%\iobit\software updater\zlb7664.tmp
- %ProgramFiles(x86)%\iobit\software updater\zlb7675.tmp
- %ProgramFiles(x86)%\iobit\software updater\zlb7676.tmp
- %TEMP%\temp\zlb7b78.tmp
- %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\places.sqlite-shm
Перемещает следующие файлы
- %ProgramFiles(x86)%\iobit\software updater\is-soqvo.tmp в %ProgramFiles(x86)%\iobit\software updater\unins000.exe
- %ProgramFiles(x86)%\iobit\software updater\is-l962d.tmp в %ProgramFiles(x86)%\iobit\software updater\madbasic_.bpl
- %ProgramFiles(x86)%\iobit\software updater\is-5am71.tmp в %ProgramFiles(x86)%\iobit\software updater\maddisasm_.bpl
- %ProgramFiles(x86)%\iobit\software updater\is-50aia.tmp в %ProgramFiles(x86)%\iobit\software updater\madexcept_.bpl
- %ProgramFiles(x86)%\iobit\software updater\is-cfafu.tmp в %ProgramFiles(x86)%\iobit\software updater\rtl120.bpl
- %ProgramFiles(x86)%\iobit\software updater\is-ilkud.tmp в %ProgramFiles(x86)%\iobit\software updater\vcl120.bpl
- %ProgramFiles(x86)%\iobit\software updater\is-v079v.tmp в %ProgramFiles(x86)%\iobit\software updater\vclx120.bpl
- %ProgramFiles(x86)%\iobit\software updater\database\is-kn1k3.tmp в %ProgramFiles(x86)%\iobit\software updater\database\smarupdateicon.dbd
- %ProgramFiles(x86)%\iobit\software updater\database\is-cb5nr.tmp в %ProgramFiles(x86)%\iobit\software updater\database\smarupdateinfo.dbd
- %ProgramFiles(x86)%\iobit\software updater\database\is-vj50t.tmp в %ProgramFiles(x86)%\iobit\software updater\database\st.dbd
- %ProgramFiles(x86)%\iobit\software updater\icons\is-m9utg.tmp в %ProgramFiles(x86)%\iobit\software updater\icons\0.ico
- %ProgramFiles(x86)%\iobit\software updater\icons\is-otroo.tmp в %ProgramFiles(x86)%\iobit\software updater\icons\3+.ico
- %ProgramFiles(x86)%\iobit\software updater\language\is-6usu6.tmp в %ProgramFiles(x86)%\iobit\software updater\language\arabic.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-jsvbm.tmp в %ProgramFiles(x86)%\iobit\software updater\language\chinesesimp.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-9a2ac.tmp в %ProgramFiles(x86)%\iobit\software updater\language\chinesetrad.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-20bc2.tmp в %ProgramFiles(x86)%\iobit\software updater\language\croatian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-883to.tmp в %ProgramFiles(x86)%\iobit\software updater\language\czech.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-5pv4f.tmp в %ProgramFiles(x86)%\iobit\software updater\language\danish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-40hda.tmp в %ProgramFiles(x86)%\iobit\software updater\language\dutch.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-kj7tp.tmp в %ProgramFiles(x86)%\iobit\software updater\language\english.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-am859.tmp в %ProgramFiles(x86)%\iobit\software updater\language\finnish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-1tvl1.tmp в %ProgramFiles(x86)%\iobit\software updater\language\flemish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-6icn3.tmp в %ProgramFiles(x86)%\iobit\software updater\language\french.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-eoc1j.tmp в %ProgramFiles(x86)%\iobit\software updater\language\georgian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-eu6nf.tmp в %ProgramFiles(x86)%\iobit\software updater\language\german.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-ncab3.tmp в %ProgramFiles(x86)%\iobit\software updater\language\greek.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-flrce.tmp в %ProgramFiles(x86)%\iobit\software updater\language\hebrew.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-1rjfb.tmp в %ProgramFiles(x86)%\iobit\software updater\language\hungarian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-rb2b5.tmp в %ProgramFiles(x86)%\iobit\software updater\language\indonesian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-bb4oe.tmp в %ProgramFiles(x86)%\iobit\software updater\language\italian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-cjh63.tmp в %ProgramFiles(x86)%\iobit\software updater\language\japanese.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-8op2n.tmp в %ProgramFiles(x86)%\iobit\software updater\language\korean.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-8rpb1.tmp в %ProgramFiles(x86)%\iobit\software updater\language\malay.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-fnuip.tmp в %ProgramFiles(x86)%\iobit\software updater\language\norwegian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-ockgr.tmp в %ProgramFiles(x86)%\iobit\software updater\language\polish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-9qkrf.tmp в %ProgramFiles(x86)%\iobit\software updater\language\portuguese(pt-br).lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-atrlr.tmp в %ProgramFiles(x86)%\iobit\software updater\language\portuguese(pt-pt).lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-0cvjt.tmp в %ProgramFiles(x86)%\iobit\software updater\language\romanian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-rm4de.tmp в %ProgramFiles(x86)%\iobit\software updater\language\russian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-s2ptc.tmp в %ProgramFiles(x86)%\iobit\software updater\language\serbian(cyrillic).lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-7l0uc.tmp в %ProgramFiles(x86)%\iobit\software updater\language\serbian(latin).lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-i7lph.tmp в %ProgramFiles(x86)%\iobit\software updater\language\slovak.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-6ougj.tmp в %ProgramFiles(x86)%\iobit\software updater\language\slovenian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-fakg6.tmp в %ProgramFiles(x86)%\iobit\software updater\language\spanish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-tvubb.tmp в %ProgramFiles(x86)%\iobit\software updater\language\swedish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-8035e.tmp в %ProgramFiles(x86)%\iobit\software updater\language\turkish.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-77533.tmp в %ProgramFiles(x86)%\iobit\software updater\language\ukrainian.lng
- %ProgramFiles(x86)%\iobit\software updater\language\is-ud7vk.tmp в %ProgramFiles(x86)%\iobit\software updater\language\vietnamese.lng
- %ProgramFiles(x86)%\iobit\software updater\skin\is-v9snh.tmp в %ProgramFiles(x86)%\iobit\software updater\skin\classic.rcc
- %ProgramFiles(x86)%\iobit\software updater\skin\is-81btb.tmp в %ProgramFiles(x86)%\iobit\software updater\skin\public.rcc
- %ProgramFiles(x86)%\iobit\software updater\is-2m51l.tmp в %ProgramFiles(x86)%\iobit\software updater\autoupdate.exe
- %ProgramFiles(x86)%\iobit\software updater\is-racre.tmp в %ProgramFiles(x86)%\iobit\software updater\carescan.exe
- %ProgramFiles(x86)%\iobit\software updater\is-9pehl.tmp в %ProgramFiles(x86)%\iobit\software updater\feedback.exe
- %ProgramFiles(x86)%\iobit\software updater\is-mj4b1.tmp в %ProgramFiles(x86)%\iobit\software updater\history.txt
- %ProgramFiles(x86)%\iobit\software updater\is-8drt1.tmp в %ProgramFiles(x86)%\iobit\software updater\infohelp.dll
- %ProgramFiles(x86)%\iobit\software updater\is-ciend.tmp в %ProgramFiles(x86)%\iobit\software updater\iobitdownloader.exe
- %ProgramFiles(x86)%\iobit\software updater\is-pc5sg.tmp в %ProgramFiles(x86)%\iobit\software updater\isutip.exe
- %ProgramFiles(x86)%\iobit\software updater\is-03us7.tmp в %ProgramFiles(x86)%\iobit\software updater\lang.dat
- %ProgramFiles(x86)%\iobit\software updater\is-istq1.tmp в %ProgramFiles(x86)%\iobit\software updater\libcrypto-1_1.dll
- %ProgramFiles(x86)%\iobit\software updater\is-rbab9.tmp в %ProgramFiles(x86)%\iobit\software updater\libssl-1_1.dll
- %ProgramFiles(x86)%\iobit\software updater\is-cfaeq.tmp в %ProgramFiles(x86)%\iobit\software updater\locallang.exe
- %ProgramFiles(x86)%\iobit\software updater\is-74q2m.tmp в %ProgramFiles(x86)%\iobit\software updater\productnews2.dll
- %ProgramFiles(x86)%\iobit\software updater\is-r1rha.tmp в %ProgramFiles(x86)%\iobit\software updater\productstat3.exe
- %ProgramFiles(x86)%\iobit\software updater\is-pubip.tmp в %ProgramFiles(x86)%\iobit\software updater\productstatistics3.dll
- %ProgramFiles(x86)%\iobit\software updater\is-25fj9.tmp в %ProgramFiles(x86)%\iobit\software updater\registercom.dll
- %ProgramFiles(x86)%\iobit\software updater\is-h5ek5.tmp в %ProgramFiles(x86)%\iobit\software updater\restore.exe
- %ProgramFiles(x86)%\iobit\software updater\is-6p8fm.tmp в %ProgramFiles(x86)%\iobit\software updater\scn.dll
- %ProgramFiles(x86)%\iobit\software updater\is-hvbdl.tmp в %ProgramFiles(x86)%\iobit\software updater\sendbugreportnew.exe
- %ProgramFiles(x86)%\iobit\software updater\is-v9a8o.tmp в %ProgramFiles(x86)%\iobit\software updater\setup.exe
- %ProgramFiles(x86)%\iobit\software updater\is-m1tad.tmp в %ProgramFiles(x86)%\iobit\software updater\softwareupdater.exe
- %ProgramFiles(x86)%\iobit\software updater\is-410lt.tmp в %ProgramFiles(x86)%\iobit\software updater\sqlite3.dll
- %ProgramFiles(x86)%\iobit\software updater\is-hsdvm.tmp в %ProgramFiles(x86)%\iobit\software updater\sufeature.exe
- %ProgramFiles(x86)%\iobit\software updater\is-ft71t.tmp в %ProgramFiles(x86)%\iobit\software updater\suinit.exe
- %ProgramFiles(x86)%\iobit\software updater\is-tgt35.tmp в %ProgramFiles(x86)%\iobit\software updater\sysrest.dll
- %ProgramFiles(x86)%\iobit\software updater\is-a0eom.tmp в %ProgramFiles(x86)%\iobit\software updater\uninstallpromote.exe
- %ProgramFiles(x86)%\iobit\software updater\is-p70gk.tmp в %ProgramFiles(x86)%\iobit\software updater\webres.dll
- %ProgramFiles(x86)%\iobit\software updater\is-2o05g.tmp в %ProgramFiles(x86)%\iobit\software updater\winid.dat
- %ProgramFiles(x86)%\iobit\software updater\update\is-u3906.tmp в %ProgramFiles(x86)%\iobit\software updater\update\update.ini
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-25i0q.tmp в %ProgramFiles(x86)%\iobit\software updater\taskbarpin\iconpin32.dll
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-b5nc6.tmp в %ProgramFiles(x86)%\iobit\software updater\taskbarpin\iconpin32.exe
- %ProgramFiles(x86)%\iobit\software updater\taskbarpin\is-3ujea.tmp в %ProgramFiles(x86)%\iobit\software updater\taskbarpin\iconpin64.exe
Изменяет следующие файлы
Подменяет следующие файлы
- %TEMP%\ascsr.del
Сетевая активность
Подключается к
- 'io##t.com':443
- '10#.#1.38.38':80
- 'oc##.###tg2.amazontrust.com':80
- 'oc##.####ca1.amazontrust.com':80
- 'oc##.###04.amazontrust.com':80
- 'x1.#.lencr.org':80
- 'r1#.#.lencr.org':80
- 'st###.iobit.com':443
- 'up####.iobit.com':443
TCP
Запросы HTTP GET
- http://oc##.###tg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
- http://oc##.####ca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEk8qlS4%2B0YpYvbhdG8DOXyc%3D
- http://oc##.###04.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTihuFvpmFDw5hOcIp918Jm5B3CQgQUH1KSYVaCVH%2BBZtgdPQqqMlyH3QgCEA2%2Fjqs4vs4AHyDmFazy8O0%3D
- http://x1.#.lencr.org/
- http://r1#.#.lencr.org/49.crl
Другие
- 'io##t.com':443
- 'cd#.#obit.com':443
- 'st###.iobit.com':443
- 'up####.iobit.com':443
UDP
- DNS ASK io##t.com
- DNS ASK oc##.###tg2.amazontrust.com
- DNS ASK oc##.####ca1.amazontrust.com
- DNS ASK oc##.###04.amazontrust.com
- DNS ASK cd#.#obit.com
- DNS ASK x1.#.lencr.org
- DNS ASK r1#.#.lencr.org
- DNS ASK st###.iobit.com
- DNS ASK up####.iobit.com
Другое
Ищет следующие окна
- ClassName: '' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: 'BUTTON' WindowName: ''
Создает и запускает на исполнение
- '%TEMP%\ghost\setup.exe' /sp- /verysilent /suppressmsgboxes /install_start
- '%TEMP%\is-ablqj.tmp\setup.tmp' /SL5="$701DA,19933390,137216,%TEMP%\Ghost\Setup.exe" /sp- /verysilent /suppressmsgboxes /install_start
- '%TEMP%\is-tsbbl.tmp\suinstaller\suinitrun.exe' /update_init
- '%ProgramFiles(x86)%\iobit\software updater\locallang.exe'
- '%ProgramFiles(x86)%\iobit\software updater\suinit.exe' /INSTALL /CreateTaskbar /update
- '%ProgramFiles(x86)%\iobit\software updater\setup.exe' /SilenceCall
- '%ProgramFiles(x86)%\iobit\software updater\taskbarpin\iconpin64.exe' Pin "%ProgramFiles(x86)%\IObit\Software Updater\SoftwareUpdater.exe"
- '%ProgramFiles(x86)%\iobit\software updater\softwareupdater.exe' /INSTALL /CreateTaskbar /update
- '%ProgramFiles(x86)%\iobit\software updater\setup.exe' /ScriptCall
- '%ProgramFiles(x86)%\iobit\software updater\uninstallpromote.exe' /install su8
- '%ProgramFiles(x86)%\iobit\software updater\productstat3.exe' /postspcache "%ALLUSERSPROFILE%\ProductData3\StatSpCache.dat"
- '%ProgramFiles(x86)%\iobit\software updater\sufeature.exe' /su /user
- '%ProgramFiles(x86)%\iobit\software updater\sufeature.exe' /u https://stats.iobit.com/active_month.php /a su8 /p iobit /v 8.#.0.12 /t 1 /d 7
- '%ProgramFiles(x86)%\iobit\software updater\carescan.exe' /susilentscan
- '%ProgramFiles(x86)%\iobit\software updater\autoupdate.exe' /Nomal
Запускает на исполнение
- '%WINDIR%\syswow64\cmd.exe' /c Schtasks.exe /change /enable /tn "Software Updater SkipUAC(user)" (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /change /enable /tn "Software Updater SkipUAC(user)"
- '%TEMP%\is-tsbbl.tmp\suinstaller\suinitrun.exe' /update_init (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' -f -im SoftwareUpdater.exe (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' -f -im SUInit.exe (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\locallang.exe' (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\suinit.exe' /INSTALL /CreateTaskbar /update (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\setup.exe' /SilenceCall (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\taskbarpin\iconpin64.exe' Pin "%ProgramFiles(x86)%\IObit\Software Updater\SoftwareUpdater.exe" (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\setup.exe' /ScriptCall (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\uninstallpromote.exe' /install su8 (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\productstat3.exe' /postspcache "%ALLUSERSPROFILE%\ProductData3\StatSpCache.dat" (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\sufeature.exe' /su /user (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\sufeature.exe' /u https://stats.iobit.com/active_month.php /a su8 /p iobit /v 8.#.0.12 /t 1 /d 7 (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\carescan.exe' /susilentscan (со скрытым окном)
- '%ProgramFiles(x86)%\iobit\software updater\autoupdate.exe' /Nomal (со скрытым окном)
