Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Security Manager' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\wsman] 'Start' = '00000002'
- '<SYSTEM32>\mssecmgr.exe'
- <SYSTEM32>\wbem\wmimngr.exe
- <SYSTEM32>\srch.dll
- <SYSTEM32>\mssecmgr.exe
- <SYSTEM32>\cps32.dll
- <SYSTEM32>\wbem\wmimngr.exe
- 'ka####ca.abuser.eu':8248
- DNS ASK ka####ca.abuser.eu