Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\TlntSvrSys] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\Com\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- '93.##8.134.11':80
- '31.##1.17.125':443
- 93.##8.134.11/drIsOmLgY/nd6L8KOvfw3Jn0FJ3gsn5V/7RWNHT9kqDPPgrGvRGWCPRgVL8ZqCMotcPds.cgi?md########################################################################
- 93.##8.134.11/vuqIVQdbP78qdN93le1CEv2B60uZG4ozMRX9YMo4-kqq.oZEdFaBhGo9BxzGrCkyTGo/7hxmfP-8LKxXMxyjovcmVfVmn.H7Lj.dthxzc.php
- DNS ASK yandex.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''