Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Content' = 'rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Content.dll",Emba'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Microsoft\Content.dll",SvcMain <Полный путь к файлу>
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\Microsoft\Content.dll"Emba
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\rundll32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\updata-server[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\updata-server[1]
- %TEMP%\124031_res.tmp
- %ALLUSERSPROFILE%\DRM\RasTls\cacybbzcwpxbbxg
- %TEMP%\124031_res.tmp в %ALLUSERSPROFILE%\Application Data\Microsoft\Content.dll
- '74.##5.232.51':80
- http://co##.google.com/p/updata-server via 74.##5.232.51
- DNS ASK co##.google.com