Техническая информация
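- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Generic Host Process for Win32 Services' = '%TEMP%\justchedr.exe' (запись автозапуска; имя параметра имитирует описание системного процесса svchost.exe, однако путь ведёт в %TEMP%, а не в <SYSTEM32>)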
- %TEMP%\kssync.exe (загружен из сети Интернет)
- %TEMP%\getter.exe http://fa###edia.co.cc/videoplayer.exe;%TEMP%\kssync.dat (командная строка запуска; по-видимому, адрес загрузки и путь сохранения разделены символом «;»)
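- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\aim.jpg (файл aim.jpg открывается штатным средством просмотра изображений Windows; вероятно, изображение служит приманкой)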
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\videoplayer[1].exe
- %TEMP%\kssync.dat
- %TEMP%\getter.dat
- %TEMP%\justchedr.exe
- %TEMP%\aim.jpg
- %TEMP%\justchedr.exe
- 'fa###edia.co.cc':80 (часть имени домена в описании скрыта символами ###)
- 'localhost':1037
- fa###edia.co.cc/videoplayer.exe
- DNS ASK fa###edia.co.cc
- '<IP-адрес в локальной сети>':1038
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''