Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ScheduleSys] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы ScheduleSys при старте системы)
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
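- <SYSTEM32>\Com\svchost.exe (нестандартное расположение: штатный svchost.exe находится непосредственно в <SYSTEM32>, поэтому запуск svchost.exe из подкаталога Com — признак маскировки под системный процесс)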
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- <SYSTEM32>\Com\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
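- '20#.#22.30.5':443 (символы # здесь и ниже, по-видимому, скрывают часть адреса или имени узла; в таком виде значения не являются полными индикаторами и не годятся для точного сопоставления)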
- '10#.#1.197.254':80
- '10#.#1.197.233':443
- 'di##ed.com':80
- di##ed.com/wrxIbUC/Bpu5SN2V/txID2M/fhNzobZ8eGWz7jiwxBgmrtwk.mkaOQMRglsdLY8HW9sp-BJppj.cgi?pn######################################################################
- di##ed.com/MaIHCmz/t0E0WmTFVZXvs/ucLfeph2s5mJuJpBqnZ/MC8bgtVFd8yDH6mbwfbx81kU10n2aZIGMXn6M.U/mbsK8s48-U8JS8XCD2XeN0LUHxdZb1wwm6zlk2vMVq19pInBoDd42H2hnxtX-TndWXu0XvAFsdawIlw4I0zxQnSfvs.php
- di##ed.com/ZymfYJsVvGA-vo4VBTvwBdpPtO3O/L7LRf.jL39HWZ7aXEadn.q1zzVV58tFyCBbX61ZsBk-79gb107gEB82kbg8uEJDDSr9Ugn/cWy6VK2q0O2EvqdK3f6AiIpRXJ1X8JOcjC8hC37c6fv8P664p2guUEuhey-A-lY4KYEs0j.htm
- DNS ASK di##ed.com (DNS-запрос на разрешение имени узла)
- ClassName: 'Shell_TrayWnd' WindowName: ''