Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '\WINDOWS\Temp\servcie6133933.exe' = '%WINDIR%\Temp\servcie6133933.exe'
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\wmicuclt.exe
- %WINDIR%\Temp\servcie6133933.exe
- 'sd###wzrj.com':2018
- DNS ASK e.##idn.net
- DNS ASK e.##ift.in
- DNS ASK sd###wzrj.com
- DNS ASK e.##ift.com