Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fsawfaz' = '<LS_APPDATA>\fsawfaz.exe'
- '<LS_APPDATA>\fsawfaz.exe' (downloaded from the Internet)
- '<LS_APPDATA>\fsawfaz.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\casfdgfssdf.png
- %HOMEPATH%\Local Settings\<INETFILES>\1477851615i
- <LS_APPDATA>\fsawfaz.exe
- %TEMP%\casfdgfssdf.png
- 'pr###scr33n.us':80
- 'i.##gur.com':80
- 'wp#d':80
- http://pr###scr33n.us/sdavcz.php?N2
- http://i.##gur.com/VDf3a.jpg
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK pr###scr33n.us
- DNS ASK i.##gur.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''