Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\winrar" /XML "%TEMP%\z841"
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\winrar" /XML "%TEMP%\z239"
- %HOMEPATH%\My Documents\MSDCSC\msdcsc.exe
- %TEMP%\z841
- %APPDATA%\helper.exe
- %TEMP%\z239
- %TEMP%\z841
- %TEMP%\z239
- '21#.#.116.226':1604