Техническая информация
- Запись в ключе автозапуска (закрепление в системе): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VFXGNxv++pP' = '<LS_APPDATA>\Microsoft\Windows\vaztikh.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\QWRsN2srdjlxUUdDYVp0aTBMUzl2K2V1bWRmMW1CMnRORXRvUFFhMjc5NlZibW5naFZRYTlJeVVEOTdlS1JiaUJ0VGxYOG81Z29yeTVCTmlBY0hkV2FiQ3B0VUpWSnJmM3M4b2g5RWtMWkt1ME9HMW9UaE[1] (файл в кеше Internet Explorer; его имя совпадает с началом пути URL, указанного ниже в списке сетевых обращений)
- %TEMP%\oyihssrhw.tmp
- <LS_APPDATA>\Microsoft\Windows\vaztikh.exe
- %TEMP%\oyihssrhw.tmp
- 'to#####knetwork.in.net':80
- to#####knetwork.in.net/QWRsN2srdjlxUUdDYVp0aTBMUzl2K2V1bWRmMW1CMnRORXRvUFFhMjc5NlZibW5naFZRYTlJeVVEOTdlS1JiaUJ0VGxYOG81Z29yeTVCTmlBY0hkV2FiQ3B0VUpWSnJmM3M4b2g5RWtMWkt1ME9HMW9UaEEzMG9C
- to#####knetwork.in.net/
- DNS-запрос (DNS ASK): to#####knetwork.in.net
- ClassName: 'Indicator' WindowName: '(null)'