Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\ALGSys] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\Com\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- '20#.#22.30.5':443
- '10#.#1.197.254':80
- '10#.#1.197.233':443
- 'di##ed.com':80
- di##ed.com/XAXJlsCscmu1MXtg8RXL/JmL-CHUkjjV/Kpgb/M4jXkLGXBgr/VtxI9.pEDW6tQJ7Q-Yqw4Qd8ZfpR4DXBctRt4PXoOdKEaVidnYLU1QcXqm.shtml
- di##ed.com/mmnsF/IBbh6UnVf5I/OnMOf4qcC8FFi-F35Y2j4l/EYwTqHcn6VRrVWBC3snrdKoFcFHf7AUxvWPq1hML9HY8WpATUEq-Df6Rsp5ssE7ojC.jpg
- DNS ASK di##ed.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'