Техническая информация
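- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'XMLGraphbuilder' = '{c0f4f375-663a-492b-adec-6c7bb2be73cc}' (ветка автозапуска: COM-объект с указанным CLSID загружается оболочкой Windows, explorer.exe, при её старте)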
- %TEMP%\is-UDKO1.tmp\wondershare-data-recovery-1.5.0.tmp /SL5="$300DA,1905046,72192,%TEMP%\wondershare-data-recovery-1.5.0.exe"
- %TEMP%\wondershare-data-recovery-1.5.0.exe
- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll" (ключ /s — регистрация библиотеки без вывода диалоговых окон)
- %TEMP%\wondershare-data-recovery-1.5.0.log
- %TEMP%\is-GT4T2.tmp\_isetup\_shfoldr.dll
- %CommonProgramFiles%\XML\XMLGraphbuilder.dll
- %TEMP%\windll.dll
- %TEMP%\nsc2.tmp\NSISdl.dll
- %TEMP%\wondershare-data-recovery-1.5.0.exe
- %TEMP%\is-GT4T2.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-UDKO1.tmp\wondershare-data-recovery-1.5.0.tmp
- %TEMP%\nsc2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- 'cu####tversion.biz':80
- cu####tversion.biz/windows/version.php?ve#########################################
- DNS ASK cu####tversion.biz
- '<IP-адрес в локальной сети>':1035
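- ClassName: 'IEFrame' WindowName: '' (класс главного окна Internet Explorer)
- ClassName: 'MozillaUIWindowClass' WindowName: '' (класс главного окна Mozilla Firefox)
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)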