Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\xszry.exe'
- %WINDIR%\Explorer.EXE
- %APPDATA%\xszry.exe
- %APPDATA%\xszry.exe
- DNS ASK ma####funoggun.com
- DNS ASK cl####lackz.info
- DNS ASK ma#####uneleggua.com
- 'cl####lackz.info':8010
- 'ma#####uneleggua.com':8010
- 'ma####funoggun.com':8010
- ClassName: 'Progman' WindowName: '(null)'