Техническая информация
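- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"%PROGRAM_FILES%\WindowsUpdate\System32.exe" /update /key 459772277' (параметр в разделе Run обеспечивает автозапуск файла при входе пользователя в систему; имя 'Windows Update' и каталог WindowsUpdate имитируют системный компонент, хотя файл находится в %PROGRAM_FILES%, а не в системном каталоге Windows)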
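- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\WindowsUpdate\System32.exe' = '%PROGRAM_FILES%\WindowsUpdate\System32.exe:*:Enabled:Windows Update' (файл добавляется в список разрешённых приложений брандмауэра Windows; область '*' означает, что исключение действует для любых адресов)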
- '%PROGRAM_FILES%\WindowsUpdate\System32.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "\"%PROGRAM_FILES%\WindowsUpdate\System32.exe\" /update /key 459772277" /f
- '<SYSTEM32>\net1.exe' user %USERNAME%
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "%PROGRAM_FILES%\WindowsUpdate\System32.exe" /t REG_SZ /d "%PROGRAM_FILES%\WindowsUpdate\System32.exe:*:Enabled:Windows Update" /f
- %PROGRAM_FILES%\WindowsUpdate\System32.exe
- %PROGRAM_FILES%\WindowsUpdate\111.txt
- %PROGRAM_FILES%\Мiсrоsоft®\Miсrоsоft Оfficе\Апел_Ухвала_БМ_Банк.docx
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- 'fe####rdy-yahoo.com':80
- fe####rdy-yahoo.com http://ferylardy-yahoo.com/down/client.php?go###################
- DNS ASK fe####rdy-yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''