Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\bowcav.exe'
- %WINDIR%\Explorer.EXE
- %APPDATA%\bowcav.exe
- %APPDATA%\bowcav.exe
- DNS ASK ff.####2012tgame.com
- DNS ASK ff.##ikgame.com
- 'ff.####2012tgame.com':9345
- 'ff.##ikgame.com':9345
- ClassName: 'Progman' WindowName: ''