Техническая информация
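- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'DSPrintQueueClass' = '{a027ab09-ec06-44b7-ab25-b484541373d1}' (ключ автозапуска: COM-объекты, перечисленные в ShellServiceObjectDelayLoad, загружаются оболочкой Explorer при её старте)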
- %TEMP%\ReimagePackage.exe "/Location=%TEMP%\reimage-1.3.2.5.exe"
- %TEMP%\reimage-1.3.2.5.exe
- %TEMP%\ReimagePackage.exe (загружен из сети Интернет)
- <SYSTEM32>\regsvr32.exe /s %TEMP%\windll.dll (ключ /s — регистрация библиотеки без вывода диалоговых окон)
- %CommonProgramFiles%\DSPrintQueue\DSPrintQueueClass.dll
- %TEMP%\windll.dll
- %TEMP%\ReimagePackage.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ReimagePackage[1].exe
- %TEMP%\nsm4.tmp\inetc.dll
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\reimage-1.3.2.5.exe
- %TEMP%\reimage-1.3.2.5.log
- %TEMP%\nsm4.tmp\KillProc.dll
- %TEMP%\nsm4.tmp\inetc.dll
- %TEMP%\nsm4.tmp\KillProc.dll
- %TEMP%\windll.dll
- %TEMP%\nsv2.tmp\NSISdl.dll
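- 'cd####.reimage.com':80 (символы '#' здесь и в строках ниже, по-видимому, заменяют знаки, скрытые в отчёте, поэтому адреса приведены не полностью и не годятся для точного сопоставления)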
- '20#.#26.167.92':80
- cd####.reimage.com/ReimagePackage.exe
- 20#.#26.167.92/tor2_5/trun2.php?tn################
- DNS ASK cd####.reimage.com
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''