Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'EDS Start' = '<SYSTEM32>\LMYHXJ\EDS.exe'
- <SYSTEM32>\LMYHXJ\EDS.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
- <SYSTEM32>\rundll32.exe dfshim.dll,ShOpenVerbApplication <Current directory>\facebook frezzer.application
- Handler library for all processes: <SYSTEM32>\LMYHXJ\EDS.001
- <Current directory>\facebook frezzer.application
- <SYSTEM32>\LMYHXJ\EDS.exe
- <SYSTEM32>\LMYHXJ\EDS.008
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\CAO5QVSD.log
- %TEMP%\Deployment\4WNECNHL.VAJ\6CWKLXYW.NHA.application
- <SYSTEM32>\LMYHXJ\EDS.003
- <SYSTEM32>\LMYHXJ\EDS.001
- <SYSTEM32>\LMYHXJ\EDS.004
- <SYSTEM32>\LMYHXJ\EDS.002
- <SYSTEM32>\LMYHXJ\EDS.chm
- <SYSTEM32>\LMYHXJ\AKV.exe
- %TEMP%\Deployment\4WNECNHL.VAJ\6CWKLXYW.NHA.application
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'AKLMW'