Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\api_socket_service] 'Start' = '00000002' (значение 2 — SERVICE_AUTO_START: служба запускается автоматически при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\api_socket_service] 'ImagePath' = '%PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe'
- %PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe
- %WINDIR%\temp\ima30a7.tmp
- %WINDIR%\temp\ima30a7.tmp
- DNS ASK bi###iri.org
- '255.255.255.255':33445 (ограниченный широковещательный адрес: пакет адресован всем узлам локального сегмента сети)
- '%PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe'