Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe] 'Debugger' = 'execcsrv.exe'
- %WINDIR%\Explorer.EXE
- opera.exe
- <SYSTEM32>\execcsrv.exe
- 'na##vo.com':80
- 'al######ub.servegame.com':80
- 'br##tox.com':80
- '74.##5.232.51':80
- 'vi##ns.net':80
- 74.##5.232.51/
- na##vo.com/dot/?42#######
- al######ub.servegame.com/dot/?-2#########
- vi##ns.net/dot/?22########
- br##tox.com/dot/?-2########
- DNS ASK al######ub.servegame.com
- DNS ASK mu#####er.sendsmtp.com
- DNS ASK ti####ace.my03.com
- DNS ASK na##vo.com
- DNS ASK www.google.com
- DNS ASK vi##ns.net
- DNS ASK br##tox.com