Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\ALLUSE~1\APPLIC~1\dyq,'
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\dyqomub.exe
- %TEMP%\1.tmp
- '19#.#01.126.186':80
- 'download.windowsupdate.com':80
- http://19#.#01.126.186/members.php
- DNS ASK download.windowsupdate.com