Техническая информация
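Записи автозапуска в реестре (DLL из <SYSTEM32> запускается через RUNDLL32.EXE и регистрируется через REGSVR32.EXE с ключом /s, то есть без вывода диалогов):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'supdate2.dll' = 'RUNDLL32.EXE <SYSTEM32>\supdate2.dll,Run'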
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'supdate2.dll' = 'REGSVR32.EXE /s <SYSTEM32>\supdate2.dll'
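Файлы, с которыми работает образец (заголовки подразделов в этом фрагменте, по-видимому, утрачены, поэтому часть путей повторяется):
- '%TEMP%\shengji.exe'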
- '%TEMP%\s49479.exe'
- %TEMP%\nsv6.tmp\NSISdl.dll
- %TEMP%\s49479.dll
- %TEMP%\temp.exe
- <SYSTEM32>\supdate2.dll
- %TEMP%\s49479.exe
- %TEMP%\nsx2.tmp
- %TEMP%\nsq5.tmp
- %TEMP%\shengji.exe
- %TEMP%\s49479.dll
Сетевые подключения в формате 'узел':порт (символы # заменяют часть имени узла):
- 'tb.##gou.com':80
- 'fi###.qqhelper.com':80
Запрашиваемые URL (второй адрес указывает на исполняемый файл bindsetup.exe):
- tb.##gou.com/sh/reg.gif?s=###############################################
- fi###.qqhelper.com/bindsoft11/bindsetup.exe
DNS-запросы:
- DNS ASK tb.##gou.com
- DNS ASK fi###.qqhelper.com