Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sawupcoqqr' = '%HOMEPATH%\Contacts\rqqocpuwaS.url'
- <SYSTEM32>\logagent.exe
- %HOMEPATH%\contacts\sawupcoqqr.exe
- %HOMEPATH%\contacts\rqqocpuwas.url
- 'on####ve.live.com':443
- 'd9####.#m.files.1drv.com':443
- 'on####ve.live.com':443
- 'd9####.#m.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK d9####.#m.files.1drv.com
- '<SYSTEM32>\logagent.exe'