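Техническая информация
Ниже перечислены наблюдаемые следы активности образца: запись в ключе автозапуска, командные строки запускаемых процессов, изменение параметров реестра, пути к файлам, сетевые обращения и параметры окна. Обозначения <HKCU>, <SYSTEM32>, <LS_APPDATA> и %TEMP% — подстановочные макросы; имена временных файлов и каталогов (например, nsv3.tmp и файлы внутри него), вероятно, случайны и меняются от запуска к запуску, поэтому для обнаружения надёжнее опираться на шаблоны поведения, а не на точные имена. Показательны запуск rundll32.exe с библиотекой из профиля пользователя или из %TEMP%, в том числе с нестандартным расширением файла, а также несоответствие имени параметра автозапуска ('Far2 Update') пути к библиотеке (каталог VMware).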
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Far2 Update' = 'rundll32 "<LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32.dll",DllRegisterServer'
- <SYSTEM32>\rundll32.exe "<LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32.dll",DllRegisterServer 1
- <SYSTEM32>\rundll32.exe %TEMP%\nsv3.tmp\vfpngjr.mbx,DllRegisterServer
- <SYSTEM32>\rundll32.exe "<LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32.dll",DllRegisterServer 2
- <SYSTEM32>\rundll32.exe %TEMP%\nsv3.tmp\z4eixg7.uqn,DllRegisterServer
- <SYSTEM32>\rundll32.exe %TEMP%\nsv3.tmp\vfpngjr.mbx,DllUnregisterServer
- <SYSTEM32>\rundll32.exe "<LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32",DllUnregisterServer
- <SYSTEM32>\rundll32.exe "<LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32",DllRegisterServer
- chrome.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonZoneCrossing' = '00000000' (отключает предупреждение Internet Explorer при переходе между защищённым и незащищённым режимом)
- <LS_APPDATA>\VMware\VMwareUpdate\VMwareupdt32.dll
- %TEMP%\nsv3.tmp\z4eixg7.uqn
- %TEMP%\lmgdazpgq.png
- <LS_APPDATA>\Identities\IdentitiesData\Identitiesdata.dll
- %TEMP%\nsv3.tmp\vfpngjr.mbx
- %TEMP%\nsv3.tmp\k4kfjnq.isg
- %TEMP%\nsk2.tmp
- %TEMP%\nsv3.tmp\lkvbu3p.col
- %TEMP%\nsv3.tmp\qhzrtly.hzd
- 'localhost':1036
- DNS ASK nt#.#asa.gov
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Indicator' WindowName: ''