Техническая информация
- '%TEMP%\1\flash.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\JdDbBf7CdDp6DX.vbs"
- %APPDATA%\flashsrv\temposa1246
- %APPDATA%\flashsrv\f.dat
- %TEMP%\TEMP1003456\27-10-2014--02-19-37
- %TEMP%\TEMP1003456\27-10-2014--02-19-57
- %TEMP%\TEMP1003456\27-10-2014--02-19-47
- %TEMP%\JdDbBf7CdDp6DXngoeD2i8RIrCici9.tmp
- %TEMP%\1\flash.exe
- %APPDATA%\flashsrv\JdDbBf7CdDp6DXngoeD2i8RIrCici9.tmp
- %TEMP%\TEMP1003456\27-10-2014--02-19-27
- %TEMP%\JdDbBf7CdDp6DX.vbs
- %TEMP%\JdDbBf7CdDp6DXngoeD2i8RIrCici9.tmp
- %APPDATA%\flashsrv\JdDbBf7CdDp6DXngoeD2i8RIrCici9.tmp в %APPDATA%\flashsrv\flashplayer.exe
- 'ms####.no-ip.biz':80
- 'wp#d':80
- ms####.no-ip.biz/ip.php
- wp#d/wpad.dat
- ms####.no-ip.biz/en/tr2/index.php
- DNS ASK ms####.no-ip.biz
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''