Техническая информация (Technical information)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'logonpsrv' = '"%APPDATA%\Roaming\logonpsrv.exe" -autorun'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- %WINDIR%\Explorer.EXE
- %APPDATA%\Roaming\logonpsrv.exe
- 'bi#####ked.sendsmtp.com':80
- 'ci#####rw.servegame.com':80
- 'mu#####mex.sytes.net':80
- 'ra###rquest.com':80
- '74.##5.232.51':80
- 're##ck.com':80
- 'fu##y.net':80
- 74.##5.232.51/
- bi#####ked.sendsmtp.com/net/?22########
- ci#####rw.servegame.com/net/?12########
- mu#####mex.sytes.net/net/?-2#######
- re##ck.com/net/?72#######
- fu##y.net/net/?-2########
- ra###rquest.com/net/?-2########
- DNS ASK bi#####ked.sendsmtp.com
- DNS ASK ci#####rw.servegame.com
- DNS ASK mu#####mex.sytes.net
- DNS ASK ra###rquest.com
- DNS ASK www.google.com
- DNS ASK re##ck.com
- DNS ASK fu##y.net
- ClassName: 'Indicator' WindowName: '(null)'