Техническая информация
- %WINDIR%\Tasks\FlexiPod.job (файл задания Планировщика заданий Windows)
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 5 > nul & del "%TEMP%\7ZipSfx.000\webfriend1500378563.exe" > nul (ping используется как пауза, после которой исполняемый файл удаляется из %TEMP%)
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5
- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\FlexiPod\FlexiPod.dll",lRCFKG
- '%TEMP%\7ZipSfx.000\webfriend1500378563.exe' /VERYSILENT /password=G@F@!-_F4bG_@S-?gF /subid=seosite2
- '%TEMP%\is-NNQHD.tmp\webfriend1500378563.tmp' /SL5="$40036,1061555,57856,%TEMP%\7ZipSfx.000\webfriend1500378563.exe" /VERYSILENT /password=G@F@!-_F4bG_@S-?gF /subid=seosite2
- %ProgramFiles%\FlexiPod\is-FIE46.tmp
- %ProgramFiles%\FlexiPod\is-4IQF1.tmp
- %ProgramFiles%\FlexiPod\1872648398
- %TEMP%\7ZipSfx.000\webfriend1500378563.exe
- %TEMP%\is-NNQHD.tmp\webfriend1500378563.tmp
- %TEMP%\is-SEP2R.tmp\_isetup\_iscrypt.dll
- %TEMP%\7ZipSfx.000\webfriend1500378563.exe
- %TEMP%\is-NNQHD.tmp\webfriend1500378563.tmp
- %TEMP%\is-SEP2R.tmp\_isetup\_iscrypt.dll
- %ProgramFiles%\FlexiPod\is-4IQF1.tmp перемещается в %ProgramFiles%\FlexiPod\1872648398
- %ProgramFiles%\FlexiPod\is-FIE46.tmp перемещается в %ProgramFiles%\FlexiPod\FlexiPod.dll
- 'cd###load.com':80
- http://cd###load.com/aff/?a=#########################
- DNS ASK cd###load.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)