Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'DfMarshal' = '{481decce-6154-497e-8f1a-4db66215ec00}'
- <SYSTEM32>\regsvr32.exe /s ""%TEMP%\windll.dll""
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %CommonProgramFiles%\DfMarshal\DfMarshal.dll
- %TEMP%\windll.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\nsc2.tmp\NSISdl.dll
- %TEMP%\reginout-2.0.0.1000.exe
- %TEMP%\reginout-2.0.0.1000.log
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\nsc2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- 'to####tsfiles.net':80
- to####tsfiles.net/zhmchk/zhmchk.php?sf################################
- DNS ASK to####tsfiles.net
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''