Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,<SYSTEM32>\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\winupdate.com,'
- '<SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\winupdate.com'
- <SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\winupdate.com
- <SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\attach.pdf
- <SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\winupdate.com
- <SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\attach.pdf
- <SYSTEM32>\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\attach.pdf
- '20#.#82.153.229':21
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK wp#d