Техническая информация
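- %WINDIR%\Tasks\MsUpdateTask.job (файл задания планировщика заданий Windows)
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы планировщика заданий)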
- <SYSTEM32>\rundll32.exe /s "%WINDIR%\winsh3.dll",SendStatisticDataOnInstall
- <SYSTEM32>\rundll32.exe %WINDIR%\winsh3.dll,fnOpen
- <SYSTEM32>\rundll32.exe "%WINDIR%\winsh3.dll",CloseExistedDllByRundll32 %WINDIR%\winsh3.dll
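- <SYSTEM32>\rundll32.exe /s "%WINDIR%\winsh3.dll",UpdateIFEOInfo (судя по имени экспорта, возможно изменение параметров Image File Execution Options; из приведённых данных это не следует, поэтому при разборе инцидента стоит проверить соответствующий раздел реестра)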
- %WINDIR%\winsh3.dll
- %TEMP%\nsc2.tmp
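- 'to##.kaola.cn':80 (символы «##», по-видимому, скрывают часть имени узла в отчёте, поэтому строка не подходит как индикатор для точного совпадения)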
- to##.kaola.cn/toolPage/toolSn.jsp
- DNS ASK to##.kaola.cn
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)