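Техническая информация
(Примечание: подзаголовки разделов отчёта в этой выдержке утрачены, поэтому записи ниже идут без указания действия. По содержанию различимы: запись в ключе автозапуска Run, пути к процессам и файлам, сетевые адреса и URL, классы окон. Какое именно действие относится к каждой записи — создание, удаление, внедрение, запуск — из текста установить нельзя.)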
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VFXGNxv++pP' = '<LS_APPDATA>\Microsoft\Windows\nadhnwd.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\QWRsN2srdjlxUUdDYVp0aTBMUzl2Kyt1Rkw2RnFCckhoS0J5VVRxYzlEZWJyRkI3UnJPakVLLzJ1ZDFaYU5VcndLQm9pTjBXY1FGV3VxSmFVOXRIRU1yYTFHaTA2cDdEMjdZaX...
- %TEMP%\modmqaoop.tmp
- <LS_APPDATA>\Microsoft\Windows\nadhnwd.exe
- <Полный путь к файлу>
- %TEMP%\modmqaoop.tmp
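- '10#.#32.33.17':80 (в источнике адрес частично замаскирован символами «#»; в таком виде он непригоден как индикатор для блокировки или поиска по журналам)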
- http://10#.#32.33.17/QWRsN2srdjlxUUdDYVp0aTBMUzl2Kyt1Rkw2RnFCckhoS0J5VVRxYzlEZWJyRkI3UnJPakVLLzJ1ZDFaYU5VcndLQm9pTjBXY1FGV3VxSmFVOXRIRU1yYTFHaTA2cDdEMjdZaXR6b3Y=
- http://10#.#32.33.17/
- ClassName: 'shell_traywnd' WindowName: ''
- ClassName: 'HHTaskBar' WindowName: ''
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\attrib.exe'