Техническая информация
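- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'MSStockPicture' = '{db500a95-c0ef-4daf-8f93-6e7a38d9e7ac}' (механизм автозапуска: COM-объекты, перечисленные в этом ключе по CLSID, загружаются процессом Explorer при старте оболочки)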
- '%TEMP%\access-password-cracker-2.0.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%TEMP%\windll.dll" (ключ /s — регистрация DLL без вывода диалоговых окон)
- %TEMP%\windll.dll
- %CommonProgramFiles%\MS\MSStockPicture.dll
- %TEMP%\access-password-cracker-2.0.log
- %TEMP%\access-password-cracker-2.0.exe
- %TEMP%\nsg2.tmp\NSISdl.dll
- %TEMP%\nsg2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- 'cu####tversion.biz':80 (символы # здесь и ниже, по-видимому, скрывают часть имени домена и параметров запроса)
- cu####tversion.biz/windows/version.php?ve#####################################
- DNS ASK cu####tversion.biz
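- ClassName: 'IEFrame' WindowName: '(null)' (класс главного окна Internet Explorer)
- ClassName: 'MozillaUIWindowClass' WindowName: '(null)' (класс окон приложений Mozilla, например Firefox)
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (класс панели задач Windows)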