Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SoftwareUpdate' = '"%HOMEPATH%\wuauactc.exe"'
- '%HOMEPATH%\spx32.exe' (null) true false true true (null) (null) "http://ab#.##crazypvp.com/t.pac"
- '%HOMEPATH%\wuauactc.exe'
- %HOMEPATH%\ASdui1h234eu1.tmp
- %HOMEPATH%\IAUShdiu12983.tmp
- %HOMEPATH%\ASdui1h234eu1.tmp в %HOMEPATH%\wuauactc.exe
- %HOMEPATH%\IAUShdiu12983.tmp в %HOMEPATH%\spx32.exe
- 'co######.100webspace.net':80
- co######.100webspace.net/infects/infec.php
- DNS ASK co######.100webspace.net
- ClassName: 'Indicator' WindowName: '(null)'