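Техническая информация
(Подзаголовки разделов в этой копии не сохранились. Судя по содержимому, записи идут в таком порядке: изменение реестра для автозапуска, запускаемые процессы, файлы, сетевая активность, окна.)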
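- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ContentIndex' = '{0f39ef7b-0456-4043-97ec-e0ccfda9b603}'
  Примечание: ShellServiceObjectDelayLoad — точка автозапуска: Проводник (explorer.exe) при старте оболочки загружает COM-объект с указанным CLSID. Какая именно DLL зарегистрирована под этим CLSID, из записи не видно; при проверке системы стоит посмотреть значение InprocServer32 для этого CLSID.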
- '%TEMP%\remote-desktop-manager-5.8.2.6.exe'
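- '<SYSTEM32>\regsvr32.exe' /s "%TEMP%\windll.dll"
  Примечание: ключ /s означает регистрацию DLL без вывода диалоговых окон. Запуск regsvr32.exe с путём к DLL во временном каталоге — полезный признак для обнаружения.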
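(Примечание: в списке файлов ниже windll.dll и NSISdl.dll встречаются дважды. Вероятно, здесь слиты списки созданных и удалённых файлов, но границу между ними по этой копии восстановить нельзя.)
- %TEMP%\remote-desktop-manager-5.8.2.6.log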
- %TEMP%\nsp4.tmp\InstallOptions.dll
- %CommonProgramFiles%\Content\ContentIndex.dll
- %TEMP%\windll.dll
- %TEMP%\nsy2.tmp\NSISdl.dll
- %TEMP%\remote-desktop-manager-5.8.2.6.exe
- %TEMP%\nsp4.tmp\modern-wizard.bmp
- %TEMP%\nsp4.tmp\ioSpecial.ini
- %TEMP%\nsy2.tmp\NSISdl.dll
- %TEMP%\windll.dll
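- 'to####tsfiles.net':80
- to####tsfiles.net/zhmchk/zhmchk.php?sf###########################################
- DNS ASK to####tsfiles.net
  Примечание: символы «#» в имени домена и в строке запроса, по-видимому, являются маскировкой, внесённой при публикации, а не частью реальных значений. Поэтому эти строки нельзя использовать как готовые записи для списка блокировки. Из записей видно обращение по порту 80 и DNS-запрос к одному и тому же узлу.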
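(Примечание: ниже перечислены классы и заголовки окон; заголовок раздела не сохранился — вероятно, это окна, которые образец ищет в системе. MozillaUIWindowClass — класс окна Mozilla Firefox, IEFrame — Internet Explorer, Shell_TrayWnd — панель задач Windows.)
- ClassName: 'MozillaUIWindowClass' WindowName: '(null)'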
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Remote Desktop Manager'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'