Техническая информация
- '%TEMP%\RarSFX1\Knop.exe'
- '%TEMP%\RarSFX0\Knop.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\f.vbs"
- '<SYSTEM32>\attrib.exe' +s +h %WINDIR%\FlashPlayer
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\start.vbs"
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\FlashPlayer[1].exe
- %WINDIR%\FlashPlayer\FlashPlayer.exe
- %TEMP%\RarSFX1\Knop.exe
- %TEMP%\RarSFX0\f.vbs
- %TEMP%\RarSFX0\Knop.exe
- %TEMP%\RarSFX0\start.vbs
- %TEMP%\RarSFX0\Knop.exe
- %TEMP%\RarSFX0\f.vbs
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx в %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- 'ri###.narod.ru':80
- 'localhost':1035
- ri###.narod.ru/S-E861982F-7938-4D31/FlashPlayer.exe
- DNS ASK ri###.narod.ru
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'