Technical information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = 'rundll32.exe "%ALLUSERSPROFILE%\Application Data\0ad412dacb12\09d711d9c811.dat",DllGetClassObject dfsr'
- %WINDIR%\tasks\windows update 6ae8eedc.job
- %WINDIR%\tasks\windows update 22074eed.job
- %WINDIR%\tasks\windows update 7e71d810.job
- %WINDIR%\tasks\windows update a534601b.job
- %WINDIR%\tasks\windows update 5ac23e9d.job
- %WINDIR%\tasks\windows update d5098d1a.job
- %WINDIR%\tasks\windows update.job
- Handler library for all processes: %ALLUSERSPROFILE%\Application Data\0ad412dacb12\09d711d9c811.dat
- %TEMP%\ixp000.tmp\core.dll
- %ALLUSERSPROFILE%\application data\0ad412dacb12\09d711d9c811.dat
- %TEMP%\ixp000.tmp\core.dll
- DNS ASK ch##n.so
- ClassName: '20fe38f0e138' WindowName: '27f93ff7e63f0'
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\0ad412dacb12\09d711d9c811.dat",DllGetClassObject dfsr' (with hidden window)
- '<SYSTEM32>\rundll32.exe' core.dll,DllGetClassObject dfsr 000000000000 Post Install program: <None>
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\0ad412dacb12\09d711d9c811.dat",DllGetClassObject dfsr