Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ReaLLogger' = '%WINDIR%\rptzw123.exe'
- %WINDIR%\rptzw123.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\rptzw123.exe
- %TEMP%\jaa.exe
- %WINDIR%\rptzw123.exe
- 'po####hara.aiq.ru':21
- DNS ASK po####hara.aiq.ru
- ClassName: 'Indicator' WindowName: ''