Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'U5hBRj8JOP' = 'control.exe "%PROGRAM_FILES%\JuPR3NNm\U5hBRj8JOP.cpl",0,1'
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%PROGRAM_FILES%\JuPR3NNm\U5hBRj8JOP.cpl",0,1
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\JuPR3NNm\U5hBRj8JOP.cpl",0,1
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL ""%TEMP%\Bn8nDjsjMpJZe.dll"",0,-9
- %TEMP%\nsh5.tmp\InstallOptions.dll
- %TEMP%\nsh5.tmp\modern-header.bmp
- %TEMP%\mask-my-ip-2.1.5.6.log
- %PROGRAM_FILES%\JuPR3NNm\U5hBRj8JOP.cpl
- %TEMP%\Bn8nDjsjMpJZe.dll
- %TEMP%\nsd2.tmp\NSISdl.dll
- %TEMP%\mask-my-ip-2.1.5.6.exe
- %TEMP%\nsg4.tmp
- %TEMP%\nsh5.tmp\modern-wizard.bmp
- %TEMP%\nsh5.tmp\ioSpecial.ini
- %TEMP%\nsd2.tmp\NSISdl.dll
- %TEMP%\Bn8nDjsjMpJZe.dll
- 'fr####ersion.biz':80
- fr####ersion.biz/version.php?ve############################
- DNS ASK fr####ersion.biz
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''