Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winx' = ''
- %ALLUSERSPROFILE%\Application Data\Microsoft\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\svchost.exe
- '12#.#54.104.236':80
- 'wg####.suroot.com':80
- 12#.#54.104.236/0000000000010B48JD7WbBFHpWFk
- wg####.suroot.com/0000000000010B48JrY8StKPfvq
- DNS ASK wg####.suroot.com