Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdobeFlash' = '%APPDATA%\install_flashSetup.exe'
- User Account Control (UAC)
- '%APPDATA%\install_flashSetup.exe'
- firefox.exe
- opera.exe
- chrome.exe
- %TEMP%\OperaPref.txt
- %TEMP%\YandexPref.txt
- %TEMP%\ChromePref.txt
- %TEMP%\fupdate.exe
- %APPDATA%\flash.xpi
- %TEMP%\pref.txt
- C:\Twains_64\%USERNAME%\icon.png
- C:\Twains_64\%USERNAME%\background.js
- %APPDATA%\install_flashSetup.exe
- C:\Twains_64\%USERNAME%\jquery-1.9.1.min.js
- C:\Twains_64\%USERNAME%\script.js
- C:\Twains_64\%USERNAME%\manifest.json
- %APPDATA%\install_flashSetup.exe
- %TEMP%\pref.txt
- %TEMP%\fupdate.exe
- %TEMP%\OperaPref.txt
- %TEMP%\ChromePref.txt
- %TEMP%\YandexPref.txt
- 'www.js###ate.com':80
- 'be###user.com':80
- 'www.be###user.com':80
- www.be###user.com/ajax/jquery-1.9.1.min.js
- be###user.com/ajax/flash.xpi
- www.js###ate.com/bekir.exe
- www.be###user.com/ajax/script.js
- www.be###user.com/ajax/background.js
- www.be###user.com/ajax/icon.png
- www.be###user.com/ajax/manifest.json
- DNS ASK www.js###ate.com
- DNS ASK be###user.com
- DNS ASK www.be###user.com