Техническая информация
Записи автозапуска в реестре (ключи Run и RunOnce, отвечающие за запуск при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'supdate2.dll' = 'RUNDLL32.EXE <SYSTEM32>\supdate2.dll,Run'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'supdate2.dll' = 'REGSVR32.EXE /s <SYSTEM32>\supdate2.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinDir' = '<SYSTEM32>\WinDir.exe'
Файлы, связанные с образцом:
- %TEMP%\s53561.exe
- %TEMP%\nsu3.tmp
- %TEMP%\s53561.dll
- <SYSTEM32>\supdate2.dll
- <SYSTEM32>\WinDir.exe
- <SYSTEM32>\softverfile.ini
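(Две следующие записи повторяют уже перечисленные файлы; вероятно, в исходном описании они относились к отдельному разделу, подзаголовок которого утрачен.)
- %TEMP%\s53561.exe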
- %TEMP%\s53561.dll
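Сетевая активность (символы «#», по-видимому, скрывают часть имени домена и значение параметра в исходном описании, поэтому в таком виде эти записи не годятся для точного сопоставления):
- 'tb.##gou.com':80
- tb.##gou.com/sh/reg.gif?s=###############################################
- DNS ASK tb.##gou.com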