Техническая информация
- Автозапуск через реестр: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VFXGNxv++pP' = '<LS_APPDATA>\Microsoft\Windows\ciudaar.exe'
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\attrib.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\QWRsN2srdjlxUUdDYVp0aTBMUzl2Kyt1RmY2SG52bWVmcUpyS2hvOFI0RVVXZ1o0bklaUExzbXp1dXhBTUV3YWNieHdudm5rMlZsMjk4SmtBUXZ6cStPclNmWmQ5Mno4WkNGRF... (имя файла в источнике обрезано; его начало совпадает с путём в URL запроса к 23.##9.163.103)
- %TEMP%\mtbeisonj.tmp
- <LS_APPDATA>\Microsoft\Windows\ciudaar.exe
- <Полный путь к файлу> (подстановочное обозначение в источнике; конкретный путь не указан)
- %TEMP%\mtbeisonj.tmp
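- Сетевое подключение: '23.##9.163.103':80 (символы ## в адресе, по-видимому, скрывают часть октета, поэтому адрес приведён не полностью)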
- http://23.##9.163.103/QWRsN2srdjlxUUdDYVp0aTBMUzl2Kyt1RmY2SG52bWVmcUpyS2hvOFI0RVVXZ1o0bklaUExzbXp1dXhBTUV3YWNieHdudm5rMlZsMjk4SmtBUXZ6cStPclNmWmQ5Mno4WkNGRFhZaHNtVzEzalIrMHp5dVA=
- http://23.##9.163.103/
- ClassName: 'shell_traywnd' WindowName: ''
- ClassName: 'menu' WindowName: ''