Техническая информация
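- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{A53757C7-BF5E-4F1D-B3EF-920381A80B95}] 'StubPath' = 'rundll32 "%ALLUSERSPROFILE%\Application Data\Internet\updatemgr.dll",SHGetFolderPathA A465C33E-368D-4574-AA6F-CCCA9152923B++{A53757C7-BF5E-4F1D-B3EF-920381A80B95}' (запись Active Setup: команда из StubPath запускается при входе пользователя в систему, то есть служит для автозапуска; экспорт с именем SHGetFolderPathA здесь вызывается из updatemgr.dll, а не из системной shell32.dll)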
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Themes\Blacks.the",_MS_11_023@16 A465C33E-368D-4574-AA6F-CCCA9152923B++{A53757C7-BF5E-4F1D-B3EF-920381A80B95}||%TEMP%\MIC1.tmp
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Internet\updatemgr.dll",SHGetFolderPathA A465C33E-368D-4574-AA6F-CCCA9152923B++{A53757C7-BF5E-4F1D-B3EF-920381A80B95}||%TEMP%\MIC1.tmp
- <SYSTEM32>\rundll32.exe shell32.dll,Control_RunDLL %TEMP%\MIC1.tmp (файл MIC1.tmp из %TEMP% загружается через Control_RunDLL как элемент панели управления)
- %TEMP%\D3.tmp
- %ALLUSERSPROFILE%\Application Data\Internet\updatemgr.dll
- %ALLUSERSPROFILE%\Application Data\Internet\msupmgr.dll
- %ALLUSERSPROFILE%\Application Data\Themes\Blacks.the
- %TEMP%\MIC1.tmp
- %TEMP%\A2.tmp
- %TEMP%\F4.tmp
- %TEMP%\F4.tmp
- %TEMP%\MIC1.tmp
- %TEMP%\A2.tmp
- %TEMP%\D3.tmp
- 'ac####pop3.ddns.us':80
- 'ac####pop3.ddns.us':443
- DNS ASK ac####pop3.ddns.us