Техническая информация
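- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%PROGRAMDATA%\Windows\csrss.exe"' (запись автозапуска; имя имитирует системный процесс, но подлинный csrss.exe находится в <SYSTEM32>, а не в %PROGRAMDATA%)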
- '%TEMP%\rad702aa.tmp'
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\1c[1].jpg
- %TEMP%\rad702aa.tmp
- %PROGRAMDATA%\windows\csrss.exe
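- %TEMP%\6893a5~1\state.tmp (имена файлов в этом каталоге — state, cached-certs, cached-microdesc-consensus — характерны для каталога данных клиента Tor)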
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-certs.tmp
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-microdescs.new
- %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\state.tmp в %TEMP%\6893a5~1\state
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp в %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\cached-certs.tmp в %TEMP%\6893a5~1\cached-certs
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp в %TEMP%\6893a5~1\cached-microdesc-consensus
- 'localhost':49166
- '76.##.17.194':9090
- '12#.31.0.39':9101
- '19#.#3.244.244':443
- '69.##.219.82':9001
- '19#.#54.164.243':443
- '18#.#6.180.164':443
- 'localhost':41866
- http://oc##.###-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgPeL%2Bs%2FFvBx%2BJeRBlLQP%2FvC4w%3D%3D
- DNS ASK ni###vent.dk
- DNS ASK oc##.###-x3.letsencrypt.org
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad702AA.tmp (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad702AA.tmp