Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'flashplayer' = '"%APPDATA%\Abode\flashplayer.exe"'
- '<SYSTEM32>\wscript.exe' "%TEMP%\ibcTfRiCWE6c7y.vbs"
- %TEMP%\253F2.dmp
- %TEMP%\dw.log
- %APPDATA%\Abode\Update\23-12-2013--16-59-48.jpg
- %APPDATA%\Abode\temposa1246
- %TEMP%\ibcTfRiCWE6c7yA24CzVtdyMMtC6Ob.tmp
- %TEMP%\Cənubi_Qafqazın_qaynar.docx
- %TEMP%\ibcTfRiCWE6c7y.vbs
- %APPDATA%\Abode\ibcTfRiCWE6c7yA24CzVtdyMMtC6Ob.tmp
- %APPDATA%\Abode\temposa1246
- %TEMP%\ibcTfRiCWE6c7yA24CzVtdyMMtC6Ob.tmp
- %APPDATA%\Abode\ibcTfRiCWE6c7yA24CzVtdyMMtC6Ob.tmp в %APPDATA%\Abode\flashplayer.exe
- 'ms####.no-ip.biz':80
- 'wp#d':80
- wp#d/wpad.dat
- ms####.no-ip.biz/api/index.php
- DNS ASK ms####.no-ip.biz
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'