Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ADsDNWith' = '{89c7d4a3-5744-4105-b190-39f7f868914a}'
- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll"
- %TEMP%\immonitor-facebook-spy-1.2.log
- %TEMP%\is-DJSLA.tmp\_isetup\_shfoldr.dll
- %CommonProgramFiles%\ADs\ADsDNWith.dll
- %TEMP%\windll.dll
- %TEMP%\nsa2.tmp\NSISdl.dll
- %TEMP%\immonitor-facebook-spy-1.2.exe
- %TEMP%\is-DJSLA.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-30221.tmp\immonitor-facebook-spy-1.2.tmp
- %TEMP%\nsa2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- 'cu####tversion.biz':80
- cu####tversion.biz/windows/version.php?ve####################################
- DNS ASK cu####tversion.biz
- '<IP-адрес в локальной сети>':1035
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''