Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\mcyiq.exe'
- %WINDIR%\Explorer.EXE
- %APPDATA%\mcyiq.exe
- %APPDATA%\mcyiq.exe
- DNS ASK al#####.xylocomod.com
- DNS ASK te#.##locomod.com
- 'al#####.xylocomod.com':8007
- 'te#.##locomod.com':8007
- ClassName: 'Progman' WindowName: ''