Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NZIrE3Mk' = 'control.exe "%PROGRAM_FILES%\yhllTcQw\NZIrE3Mk.cpl",0,1'
- %TEMP%\ultimate-zip-cracker-8.0.0.4.exe
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\yhllTcQw\NZIrE3Mk.cpl",0,1
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%TEMP%\smydk.dll",0,-20
- %TEMP%\smydk.dll
- %PROGRAM_FILES%\yhllTcQw\NZIrE3Mk.cpl
- %TEMP%\ultimate-zip-cracker-8.0.0.4.log
- %TEMP%\ultimate-zip-cracker-8.0.0.4.exe
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\smydk.dll
- 'wh###ies.biz':80
- wh###ies.biz/whs/chkst.php?sf#########################################
- DNS ASK wh###ies.biz
- '<IP address on the local network>':1035
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''