Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NetmanSys] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
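- %ALLUSERSPROFILE%\Application Data\Mozilla\svchost.exe (файл с именем системного процесса svchost.exe вне каталога <SYSTEM32>; легитимный svchost.exe находится в <SYSTEM32>)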
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- %ALLUSERSPROFILE%\Application Data\Mozilla\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
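- '83.##6.234.250':80 (символы '#' в адресах и параметрах запросов, по-видимому, скрывают часть значения в исходном отчёте)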
- '95.##5.45.31':80
- '83.##6.234.250':443
- 95.##5.45.31/qMzAFH/zmE2Vp0LliTM/P/w/G.uAUqVosy3clrZIheCAWJKYStI3.php?f=###########################################################
- 95.##5.45.31/l/eCZc/QQjcd4l40N/Z/h9CZfeha4mMIl3jvLotCi.xYAhLoVlWOGcQu.php?iM#######################################################
- 95.##5.45.31/KkjFDLKWFWWk4iCX6FaI-D/VEuC/pB/K1xpmyfngsraj15Y4kd4-tg9dH/8QsK1jlKQCUsCWM2jRw-rp8z58vvWytvlllDOaKa1GCOTwa4sC81m4sB5wvygTHcjzyJbDNb4irwykBZu62Zmg7omqH0RdvFlJKFqlQZUUv1lOQL-b.php
- 95.##5.45.31/wHYL/ITGGlbLa/Z36cQKVwFvWlvNh6aRHE5MevqyZWaFoq7VBR6rHBau1hDg7-otEcygvXSJ9IrilS-MABnSYsjZg.cgi?5U################################################################################
- ClassName: 'Shell_TrayWnd' WindowName: ''