Техническая информация
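- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '"%TEMP%\cisvc.exe"' (параметр 'load' задаёт программу, запускаемую при входе пользователя в систему, то есть это запись автозапуска)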
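- %TEMP%\cisvc.exe (имя совпадает с именем системной службы индексирования Windows; легитимный файл располагается в системном каталоге, а не в %TEMP%)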
- 'ab###.ptrade.ch':80
- ab###.ptrade.ch/7625.html
- ab###.ptrade.ch/7616.html
- ab###.ptrade.ch/7609.html
- ab###.ptrade.ch/7648.html
- ab###.ptrade.ch/7642.html
- ab###.ptrade.ch/7632.html
- ab###.ptrade.ch/7603.html
- ab###.ptrade.ch/7570.html
- ab###.ptrade.ch/7560.html
- ab###.ptrade.ch/7508.html
- ab###.ptrade.ch/7593.html
- ab###.ptrade.ch/7586.html
- ab###.ptrade.ch/7576.html
- DNS ASK ab###.ptrade.ch
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''