Техническая информация
- Запись автозапуска в реестре (ключ Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FUD Start' = '%TEMP%\FUD.exe'
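- Командная строка запуска (rundll32 открывает %TEMP%\Sienzzz.jpg через shimgvw.dll, стандартное средство просмотра изображений Windows): <LS_APPDATA>\Xenocode\Sandbox\scan tools\201.1.11.06\2012.09.01T13.50\Native\STUBEXE\8.0.1112\@SYSTEM@\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\Sienzzz.jpg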
- <LS_APPDATA>\Xenocode\Sandbox\scan tools\201.1.11.06\2012.09.01T13.50\Native\STUBEXE\8.0.1112\@PROFILE@\Local Settings\Temp\FUD.exe
- <LS_APPDATA>\Xenocode\Sandbox\scan tools\201.1.11.06\2012.09.01T13.50\Virtual\STUBEXE\8.0.1112\@APPDIR@\FUDBind.exe
- %TEMP%\FUD.004
- %ALLUSERSPROFILE%\Start Menu\Programs\Ardamax Keylogger 3.9\Ardamax Keylogger 3.9.lnk
- %TEMP%\Sienzzz.jpg
- %TEMP%\FUD.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''