Техническая информация
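- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'GetaPassport' = '{95ddda2a-8cfc-49e9-b49d-7e942ba81c5b}' (ключ автозагрузки: COM-объекты, перечисленные в ShellServiceObjectDelayLoad, загружаются оболочкой Explorer при её запуске по указанному CLSID; какой файл зарегистрирован под этим CLSID, можно проверить в HKCR\CLSID\{95ddda2a-8cfc-49e9-b49d-7e942ba81c5b}\InprocServer32)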
- %TEMP%\is-65I9G.tmp\access-password-unlocker-3.0.1.tmp /SL5="$300DA,592345,53248,%TEMP%\access-password-unlocker-3.0.1.exe"
- %TEMP%\access-password-unlocker-3.0.1.exe
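- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll" (параметр /s — регистрация DLL без вывода диалоговых окон; библиотека регистрируется из временного каталога)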
- %TEMP%\access-password-unlocker-3.0.1.log
- %TEMP%\is-9ORQU.tmp\_isetup\_shfoldr.dll
- %CommonProgramFiles%\Get\GetaPassport.dll
- %TEMP%\windll.dll
- %TEMP%\nsr2.tmp\NSISdl.dll
- %TEMP%\access-password-unlocker-3.0.1.exe
- %TEMP%\is-9ORQU.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-65I9G.tmp\access-password-unlocker-3.0.1.tmp
- 'to####tsfiles.net':80
- to####tsfiles.net/zhmchk/zhmchk.php?sf###########################################
- DNS ASK to####tsfiles.net
- '<IP-адрес в локальной сети>':1036
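- ClassName: 'IEFrame' WindowName: '' (класс главного окна Internet Explorer)
- ClassName: 'MozillaUIWindowClass' WindowName: '' (класс окна приложений Mozilla, в частности Firefox)
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)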