Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %TEMP%\perflib\svchost.exe'
- '%TEMP%\perflib\svchost.exe'
- %TEMP%\perflib\svchost.exe
- %TEMP%\perflib\svchost.exe
- 'za#####.clanteam.com':80
- za#####.clanteam.com/pfgflkj/command.txt
- za#####.clanteam.com/pfgflkj/bot.php?ve###################
- DNS ASK za#####.clanteam.com