Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Security Client' = '<SYSTEM32>\msseces.exe'
- <SYSTEM32>\msseces.exe
- 'tr####all.hol.es':80
- 'localhost':1035
- tr####all.hol.es/trftp/cmd.png
- DNS ASK tr####all.hol.es
- ClassName: 'Indicator' WindowName: ''