Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%PROGRAMDATA%\Windows\csrss.exe"'
- '%TEMP%\rad012af.tmp'
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\1c[1].jpg
- %TEMP%\rad012af.tmp
- %PROGRAMDATA%\windows\csrss.exe
- %TEMP%\6893a5~1\state.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-certs.tmp
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\state.tmp в %TEMP%\6893a5~1\state
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp в %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\cached-certs.tmp в %TEMP%\6893a5~1\cached-certs
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp в %TEMP%\6893a5~1\cached-microdesc-consensus
- '86.#9.21.38':443
- 'oc##.thawte.com':80
- '19#.#09.206.212':443
- http://sd##.pp.ua/assets/css/1c.jpg
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK yv####kersten.nl
- DNS ASK sd##.pp.ua
- DNS ASK oc##.thawte.com
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad012AF.tmp (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad012AF.tmp