Техническая информация
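- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Client Server Runtime Subsystem' = '"%PROGRAMDATA%\Windows\csrss.exe"' (автозапуск при входе пользователя; подлинный csrss.exe находится в <SYSTEM32>, поэтому имя параметра и путь в %PROGRAMDATA% имитируют системный процесс)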
- '%TEMP%\rad96b54.tmp'
- rad96b54.tmp
- %TEMP%\rad96b54.tmp
- %PROGRAMDATA%\windows\csrss.exe
- %TEMP%\6893a5~1\state.tmp
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-certs.tmp
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp
- %TEMP%\6893a5~1\cached-microdescs.new
- %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\state
- %TEMP%\6893a5~1\state.tmp в %TEMP%\6893a5~1\state
- %TEMP%\6893a5~1\unverified-microdesc-consensus.tmp в %TEMP%\6893a5~1\unverified-microdesc-consensus
- %TEMP%\6893a5~1\cached-certs.tmp в %TEMP%\6893a5~1\cached-certs
- %TEMP%\6893a5~1\cached-microdesc-consensus.tmp в %TEMP%\6893a5~1\cached-microdesc-consensus
- %TEMP%\6893a5~1\state
- http://ac####.#7715.shared.hc.ru/errordocs/style/2c.jpg
- DNS ASK ay#######thalhayvancilik.com
- DNS ASK ac####.#7715.shared.hc.ru
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad96B54.tmp (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad96B54.tmp