Техническая информация
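- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Tasks\TespayServer.exe' (параметр Userinit обрабатывается Winlogon при входе пользователя в систему; стандартное значение содержит только userinit.exe, поэтому дописанный через запятую путь обеспечивает автозапуск файла при каждом входе)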
- %WINDIR%\Tasks\TespayServer.exe
- '%WINDIR%\Tasks\TespayServer.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
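- 'ju#####727.gnway.net':8001 (символы # в именах узлов и адресах, по-видимому, скрывают часть значения, поэтому такие индикаторы не годятся для точного сопоставления)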
- '17#.#39.79.206':222
- 'any':8001
- 'localhost':64393
- DNS ASK dn#.##ftncsi.com
- DNS ASK ju#####727.gnway.net