Техническая информация
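- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{307903CA-FC26-49ED-87FC-D31F01ABAF85}] 'StubPath' = 'rundll32 "%ALLUSERSPROFILE%\Application Data\Internet\OSmgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{307903CA-FC26-49ED-87FC-D31F01ABAF85}'
  (Примечание: это запись Active Setup. Команду из параметра StubPath Windows выполняет при входе пользователя в систему, то есть запись обеспечивает автозапуск OSmgr.dll через rundll32. При проверке системы стоит искать указанный GUID в разделе Installed Components и сверять значение StubPath.)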
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Themes\Vista.theme",InstallRegisterA A465C33E-368D-4574-AA6F-CCCA9152923B++{307903CA-FC26-49ED-87FC-D31F01ABAF85}||"%TEMP%\MIC1.tmp"
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Internet\OSmgr.dll",TestOSVersion A465C33E-368D-4574-AA6F-CCCA9152923B++{307903CA-FC26-49ED-87FC-D31F01ABAF85}||"%TEMP%\MIC1.tmp"
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL "%TEMP%\MIC1.tmp"
- %TEMP%\D3.tmp
- %ALLUSERSPROFILE%\Application Data\Internet\OSmgr.dll
- %ALLUSERSPROFILE%\Application Data\Internet\msupmgr.dll
- %ALLUSERSPROFILE%\Application Data\Themes\Vista.theme
- %TEMP%\MIC1.tmp
- %TEMP%\A2.tmp
- %TEMP%\F4.tmp
- %TEMP%\F4.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\A2.tmp
- %TEMP%\D3.tmp
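- 'www.ed##w.tk':8080
- 'ww##.#endsmtp.com':443
- DNS ASK www.ed##w.tk
- DNS ASK ww##.#endsmtp.com
  (Примечание: символы «#» в именах узлов, по-видимому, заменяют скрытые символы, поскольку в DNS-именах они недопустимы. Эти записи не являются полными доменными именами и не годятся для точного сопоставления; их можно использовать только как шаблон при поиске в журналах DNS и прокси.)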