Technical Information
Autorun entries and copies of the script (Run-key value, Startup folder, removable media):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'XF8EX8K2CD' = '"%TEMP%\1.js"'
- %HOMEPATH%\Start Menu\Programs\Startup\1.js
- <Drive name for removable media>:\1.js
File system artifacts:
- %TEMP%\1.js
- %TEMP%\2.m3u
- <Drive name for removable media>:\1.js
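Network endpoints (host:port) and DNS queries; the '#' characters appear to mask part of each host name in this listing, so the names are partial and cannot be matched exactly:
- 'localhost':1036
- 'ki#####tv.podzone.org':2103
- 's1.##ectru.biz':8080
- DNS ASK ki#####tv.podzone.org
- DNS ASK s1.##ectru.biz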
Windows referenced (class name / window title):
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
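Command lines (the last one registers a scheduled task named 'Skype' that runs the script every 30 minutes; its closing quote is missing in this listing):
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.js"
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' /prefetch:6 /Play "%TEMP%\2.m3u"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 30 /tn Skype /tr "%TEMP%\1.js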