Техническая информация
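- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%ALLUSERSPROFILE%\Application Data\Windows\csrss.exe"' (запись автозапуска; имя параметра и имя файла имитируют системный процесс csrss.exe, который штатно расположен в <SYSTEM32>, поэтому csrss.exe по другому пути — признак заражения)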
- '%TEMP%\radded45.tmp'
- %HOMEPATH%\local settings\<INETFILES>\content.ie5\z9pmdpek\1c[1].jpg
- %TEMP%\radded45.tmp
- %ALLUSERSPROFILE%\application data\windows\csrss.exe
- %TEMP%\6893a5~1\state.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus
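- %TEMP%\6893a5~1\state.tmp в %TEMP%\6893a5~1\state
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp в %TEMP%\6893a5~1\unverified-microdesc-consensus
  (запись «X в Y», по-видимому, означает перемещение файла X в Y; имена state и unverified-microdesc-consensus совпадают со служебными файлами каталога данных клиента Tor — вероятно, образец использует Tor для сетевого обмена)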
- 'localhost':1038
- '19#.#09.206.212':443
- '15#.35.32.5':443
- '76.##.17.194':9090
- http://ga###tals.be/wp-content/themes/gridiculous/images/1c.jpg
- DNS ASK ga###tals.be
- '<SYSTEM32>\cmd.exe' /c %TEMP%\radDED45.tmp' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\radDED45.tmp