Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\FXSEXT32] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\FXSEXT32] 'ImagePath' = '"%WINDIR%\SysWOW64\FXSEXT32\FXSEXT32.exe"'
- 'FXSEXT32' "%WINDIR%\SysWOW64\FXSEXT32\FXSEXT32.exe"
- 'FXSEXT32' %WINDIR%\SysWOW64\FXSEXT32\FXSEXT32.exe
- из <Полный путь к файлу> в %WINDIR%\syswow64\fxsext32\fxsext32.exe
- '17#.#7.150.13':8080
- '18#.#1.222.187':80
- http://18#.#1.222.187/GZW8t1ojRqGP9/xJGLimzVNF/yR6EwBuT5/sW3JYoJRinUL9sx/