Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ActiveX Component' = '%APPDATA%\ActiveX\manager.exe'
- %WINDIR%\syswow64\secinit.exe
- %TEMP%\get.com
- %APPDATA%\activex\manager.exe
- %TEMP%\get.com
- 'in####almakeup.com':443
- 'in###-pulse.com':443
- DNS ASK in####almakeup.com
- DNS ASK in###-pulse.com
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\get.com'
- '%APPDATA%\activex\manager.exe' "%TEMP%\get.com" ensgJJ
- '%APPDATA%\activex\manager.exe' "%TEMP%\get.com" ensgJJ' (with hidden window)
- '%WINDIR%\syswow64\secinit.exe'