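Техническая информация
Примечание: символы «#» в сетевых адресах, по-видимому, маскируют часть значения, а «?» в заголовках окон — вероятно, не-ASCII-символы, утраченные при перекодировке; при поиске по этим индикаторам опирайтесь только на неискажённые фрагменты строк.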
- '%TEMP%\TempFunshion.exe'
- '%TEMP%\TempFunshion.exe' (загружен из сети Интернет)
- '%WINDIR%\sleep.exe' 1000
- '<SYSTEM32>\attrib.exe' -h -s -r -a <SYSTEM32>\delete_funshion.bat
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\delete_funshion.bat
- <SYSTEM32>\delete_funshion.bat
- %TEMP%\TempFunshion.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\download[1].php
- 'pa#####.funshion.com':80
- 'localhost':1036
- pa#####.funshion.com/partner/download.php?id######
- DNS ASK pa#####.funshion.com
- ClassName: '#32770' WindowName: 'Funshion 1.5.2.15 Beta ????'
- ClassName: '#32770' WindowName: 'Funshion 1.5.2.15 Beta ???? '
- ClassName: '#32770' WindowName: '????????'