Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUPD' = '<LS_APPDATA>\wualct.exe'
- %TEMP%\~1.tmp
- %TEMP%\temp2.doc
- %TEMP%\temp1.exe
- %TEMP%\temp1.exe
- 'localhost':80
- localhost/wKjBiewK/YVVTRVItNEJCMDlBOUMwMi5BZG1pbmlzdHJhdG9yLEEwMWM.asp
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''