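Техническая информация
Ниже перечислены артефакты образца: значение автозапуска в реестре, запускаемые процессы, файлы во временном каталоге и в %PROGRAM_FILES%, сетевые обращения и искомые окна. Подзаголовки разделов в этом фрагменте, судя по всему, не сохранились, поэтому некоторые пути встречаются дважды.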
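- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pIxe2rlwj' = 'control.exe "%PROGRAM_FILES%\e9soUSZ9nJDwwn\pIxe2rlwj.cpl",0,1'
  (закрепление в системе: значение в ключе Run текущего пользователя запускает control.exe с указанным .cpl-файлом при каждом входе этого пользователя; для обнаружения полезно отслеживать значения Run, которые вызывают control.exe или rundll32.exe с файлом из каталога со случайным именем)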
- %TEMP%\magic-image-resizer-1.7.exe
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%PROGRAM_FILES%\e9soUSZ9nJDwwn\pIxe2rlwj.cpl",0,1
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\e9soUSZ9nJDwwn\pIxe2rlwj.cpl",0,1
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%TEMP%\t1jqFcxB4P.dll",0,-8
- %TEMP%\magic-image-resizer-1.7.log
- %TEMP%\nsx5.tmp\InstallOptions.dll
- %PROGRAM_FILES%\e9soUSZ9nJDwwn\pIxe2rlwj.cpl
- %TEMP%\t1jqFcxB4P.dll
- %TEMP%\nsx5.tmp\modern-wizard.bmp
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\magic-image-resizer-1.7.exe
- %TEMP%\nsx5.tmp\ioSpecial.ini
- %TEMP%\nsc4.tmp
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\t1jqFcxB4P.dll
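- 'fr####ersion.biz':80
- fr####ersion.biz/version.php?ve#################################
- DNS ASK fr####ersion.biz
  (символы # в имени хоста и в параметрах запроса — по-видимому, маскировка, применённая в исходном отчёте; в таком виде значение не годится как точный индикатор, и при разборе инцидента его нужно сверять с DNS- и прокси-журналами по известным фрагментам имени и пути /version.php)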
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''