Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'PlainText' = '{926ce1d9-5997-48f1-92d0-c7d8faf4cbcc}' (ключ автозапуска: Explorer загружает COM-объект с указанным CLSID при запуске оболочки)
- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll" (ключ /s — регистрация DLL без диалоговых окон; библиотека загружается из временного каталога)
- %TEMP%\is-3GJJI.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-3GJJI.tmp\_isetup\_RegDLL.tmp
- %CommonProgramFiles%\Plain\PlainText.dll
- %TEMP%\windll.dll
- %TEMP%\nsu2.tmp\NSISdl.dll
- %TEMP%\remote-desktop-spy-5.10.exe
- %TEMP%\remote-desktop-spy-5.10.log
- %TEMP%\is-GPAEO.tmp\remote-desktop-spy-5.10.tmp
- %TEMP%\nsu2.tmp\NSISdl.dll
- %TEMP%\windll.dll
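- '20#.#26.167.92':80
- 20#.#26.167.92/tor3_1/trun2.php?tn######################## (символы «#» здесь и в адресе выше, по-видимому, маскируют часть данных в исходном отчёте; в таком виде строки не являются точными индикаторами)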
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''