Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'DfMarshal' = '{d54f42c9-8c6c-4892-8d34-f06afeae6c57}' (ключ автозагрузки: COM-объект с указанным CLSID загружается оболочкой Explorer при её запуске)
- <SYSTEM32>\regsvr32.exe /s "%TEMP%\windll.dll" (ключ /s — регистрация DLL без вывода диалоговых окон)
- %TEMP%\windll.dll
- %CommonProgramFiles%\DfMarshal\DfMarshal.dll
- %TEMP%\enstella-export-edb-to-pst-2.0.log
- %TEMP%\enstella-export-edb-to-pst-2.0.exe
- %TEMP%\nst2.tmp\NSISdl.dll
- %TEMP%\nst2.tmp\NSISdl.dll
- %TEMP%\windll.dll
- 'ne#####iontracker.com':80
- ne#####iontracker.com/system32/version.php?ve########################################
- DNS ASK ne#####iontracker.com
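- ClassName: 'IEFrame' WindowName: '' (класс главного окна Internet Explorer)
- ClassName: 'MozillaUIWindowClass' WindowName: '' (класс окна браузеров Mozilla/Firefox)
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс панели задач Windows)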