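Техническая информация
(Символы # в именах узлов, IP-адресе и параметрах запросов ниже, по-видимому, заменяют знаки, скрытые при публикации; приведённые значения нельзя использовать для точного сопоставления без восстановления полных адресов.)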
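- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe] 'Debugger' = 'logonmcdns.exe'
  (Параметр 'Debugger' в ветке Image File Execution Options заставляет Windows при каждом запуске userinit.exe, то есть при входе пользователя в систему, запускать вместо него logonmcdns.exe; так обеспечивается автозапуск. Наличие этого параметра для userinit.exe стоит проверять при анализе системы.)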
- %WINDIR%\Explorer.EXE
- opera.exe
- <SYSTEM32>\logonmcdns.exe
- 'bi#####ked.sendsmtp.com':80
- 'ci#####rw.servegame.com':80
- 'mu#####mex.sytes.net':80
- 'ra###rquest.com':80
- '74.##5.232.51':80
- 're##ck.com':80
- 'fu##y.net':80
- 74.##5.232.51/
- bi#####ked.sendsmtp.com/net/?12########
- ci#####rw.servegame.com/net/?12########
- mu#####mex.sytes.net/net/?12########
- re##ck.com/net/?12########
- fu##y.net/net/?12########
- ra###rquest.com/net/?-2#########
- DNS ASK bi#####ked.sendsmtp.com
- DNS ASK ci#####rw.servegame.com
- DNS ASK mu#####mex.sytes.net
- DNS ASK ra###rquest.com
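- DNS ASK www.google.com (легитимный домен; вероятно, проверка доступности сети — сам по себе не является индикатором компрометации)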
- DNS ASK re##ck.com
- DNS ASK fu##y.net