Техническая информация
- '<SYSTEM32>\regsvr32.exe' /s /c "<SYSTEM32>\MSWINSCK.OCX"
- '<SYSTEM32>\regsvr32.exe' /s /c "<SYSTEM32>\vbMHWB.dll"
- '<SYSTEM32>\regsvr32.exe' /s /c "<SYSTEM32>\advapi32.dll"
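- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'localhost:3011' (параметр задаёт прокси-сервер WinINet/Internet Explorer для текущего пользователя; он действует, только если в том же разделе 'ProxyEnable' = 1 — это значение в отчёте не приведено, его следует проверить отдельно)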
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\static[1].php
- <Текущая директория>\static.php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\static[1].php
- <SYSTEM32>\vbMHWB.dll
- <SYSTEM32>\MSWINSCK.OCX
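- %TEMP%\MPNNFCkCA-EE7E-442C-057\stunnel.exe (судя по имени — утилита TLS-туннелирования stunnel; хеш файла в отчёте не приведён, поэтому идентификация только по имени ненадёжна)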
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\static[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\static[1].php
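- '30###ghsite.com':80 (символы «#» здесь и ниже, по-видимому, маскируют часть адреса в исходном отчёте; полное доменное имя на странице не приведено)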
- 'localhost':1038
- 30###ghsite.com/software/static.php?0.###############
- DNS ASK 30###ghsite.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'