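Техническая информация
(Подзаголовки разделов на странице не сохранились; повторяющиеся ниже пути, по-видимому, относятся к разным категориям действий.)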
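- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'UPnPDescriptionDocument' = '{f3c042f9-b7b0-4514-b928-bf2e33817832}' (механизм автозапуска: COM-объекты, перечисленные в ключе ShellServiceObjectDelayLoad, загружаются процессом explorer.exe при старте оболочки; наличие в нём незнакомого CLSID — повод для проверки)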
- %TEMP%\microsoft-access-database-reader-2.0.exe
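- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll" (регистрация DLL без диалоговых окон: ключ /s включает «тихий» режим; запуск regsvr32.exe для библиотеки из %TEMP% стоит отслеживать в журналах создания процессов)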
- %TEMP%\windll.dll
- %CommonProgramFiles%\UPnPDescriptionDocument\UPnPDescriptionDocument.dll
- %TEMP%\microsoft-access-database-reader-2.0.log
- %TEMP%\microsoft-access-database-reader-2.0.exe
- %TEMP%\nsn2.tmp\NSISdl.dll
- %TEMP%\nsn2.tmp\NSISdl.dll
- %TEMP%\windll.dll
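- 'to####tsfiles.net':80 (символы «#» здесь и ниже — маскировка части имени и параметров запроса в источнике; точное доменное имя на странице не приведено, поэтому как готовый индикатор эта строка непригодна)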
- to####tsfiles.net/zhmchk/zhmchk.php?sf#################################################
- DNS ASK to####tsfiles.net (DNS-запрос на разрешение этого имени)
- '<IP-адрес в локальной сети>':1034
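- ClassName: 'IEFrame' WindowName: '' (класс главного окна Internet Explorer)
- ClassName: 'MozillaUIWindowClass' WindowName: '' (класс окна приложений Mozilla, в частности старых версий Firefox)
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс панели задач Windows)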