Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WMTFormatConversion' = '{671e90b4-098f-4017-aee0-727d66dc638f}'
- <SYSTEM32>\regsvr32.exe /s "%TEMP%\FlashPlayer.ocx"
- %CommonProgramFiles%\WMT\WMTFormatConversion.dll
- %TEMP%\FlashPlayer.ocx
- 'ne####ringsite.com':80
- 'th####sharing.com':80
- 'ne###arings.com':80
- ne####ringsite.com/gettasks.php?pr#######################
- th####sharing.com/gettasks.php?pr#######################
- ne###arings.com/gettasks.php?pr#######################
- DNS ASK th####sharing.com
- DNS ASK ne####ringsite.com
- DNS ASK ne###arings.com
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''