Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'suliges' = 'Rundll32.exe "<SYSTEM32>\nehakit.dll" s'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\nehakit.dll'
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\nehakit.dll" s
- <SYSTEM32>\nehakit.dll
- 'ni##rht.com':80
- ni##rht.com/cb/exe_in_db.php?ui##################################################
- DNS ASK ni##rht.com