Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VN6utIxsJiM' = '<LS_APPDATA>\Microsoft\Windows\rshxzbm.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\uwctzuaaf.tmp
- <LS_APPDATA>\Microsoft\Windows\rshxzbm.exe
- %TEMP%\uwctzuaaf.tmp
- '18#.#2.68.217':80
- http://18#.#2.68.217/qgxNrt6kOlCIeWH0oMCcOO2zpd5ByXxqmVR0N9+YyfIWhMUo3Sb4+PWt5bM48A7hiKlXemqdtQKOqcCko56MGpydBLvXnfC5tSX04WcDmz19zk9v8DefcUQhlygOPDh8HDj0c4PoBJuG=kuth63WWu5RXlR44=fcwCi=WomXO5n4...
- http://18#.#2.68.217/
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'gxqwscs' WindowName: 'srvmcymgkkmasiqhiocpfckultcxalf jqgmfhtadiqmputlebgx'