Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NtmsSvc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,OpenAs_RunDLL "%TEMP%\szaexe.pdf" (эта команда открывает диалог «Открыть с помощью» для указанного файла)
- %TEMP%\~RG2.tmp
- %TEMP%\~EG3.tmp
- <SYSTEM32>\export\logs\log.ini
- %TEMP%\~RG1.tmp
- %TEMP%\110890.exe
- %TEMP%\szaexe.pdf
- <SYSTEM32>\ntmcsvc.dll
- %TEMP%\110890.exe
- %TEMP%\~RG2.tmp
- %TEMP%\~RG1.tmp
- 'sw#####e01.serveftp.org':443
- DNS ASK sw#####e01.serveftp.org (часть имени узла скрыта символами «#», поэтому запись не годится как точный индикатор)
- ClassName: 'Shell_TrayWnd' WindowName: ''