Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SrvUpdater] 'Start' = '00000002'
- '%PROGRAM_FILES%\SoftwareUpdater\UpdaterService.exe'
- '%TEMP%\nsn2.tmp\ns3.tmp' taskkill /f /im AppsUpdater.exe
- '<SYSTEM32>\taskkill.exe' /f /im AppsUpdater.exe
- %PROGRAM_FILES%\SoftwareUpdater\translations.xml
- %TEMP%\nsn2.tmp\nsURL.dll
- %PROGRAM_FILES%\SoftwareUpdater\Interop.Shell32.dll
- %PROGRAM_FILES%\SoftwareUpdater\KeyGen.dll
- %PROGRAM_FILES%\SoftwareUpdater\UpdaterService.exe
- %PROGRAM_FILES%\SoftwareUpdater\uninstall.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\api[1].php
- %PROGRAM_FILES%\SoftwareUpdater\AppsUpdater.exe
- %TEMP%\nsn2.tmp\nsExec.dll
- %TEMP%\nsn2.tmp\ns3.tmp
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\nsn2.tmp\SimpleSC.dll
- %PROGRAM_FILES%\SoftwareUpdater\AppsUpdaterSem.exe.config
- %PROGRAM_FILES%\SoftwareUpdater\AppsUpdater.exe.config
- %TEMP%\nsn2.tmp\tkDecript.dll
- %PROGRAM_FILES%\SoftwareUpdater\config.xml
- %TEMP%\nsn2.tmp\SimpleSC.dll
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\nsn2.tmp\tkDecript.dll
- %TEMP%\nsn2.tmp\nsURL.dll
- %TEMP%\nsn2.tmp\ns3.tmp
- %PROGRAM_FILES%\SoftwareUpdater\AppsUpdaterSem.exe.config
- %TEMP%\nsn2.tmp\nsExec.dll
- 'www.up###atsone.com':80
- www.up###atsone.com/cmd/report.php?ke#########################################
- www.up###atsone.com/cmd/api.php?ac##########################
- DNS ASK www.up###atsone.com
- ClassName: '(null)' WindowName: '(null)'