Техническая информация
- Автозапуск (закрепление в системе) через значение реестра: [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\fwswko.exe'
- '%TEMP%\0'
- %WINDIR%\Explorer.EXE
- %APPDATA%\fwswko.exe
- %TEMP%\0
- %APPDATA%\fwswko.exe
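- DNS ASK pe####ikones.com (DNS-запрос; символы «#» здесь и ниже, по-видимому, скрывают часть имени домена в исходном отчёте, поэтому для точного сопоставления индикаторов эти записи непригодны)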
- DNS ASK na###azes.com
- 'pe####ikones.com':60480
- 'na###azes.com':60480
- ClassName: 'Progman' WindowName: '(null)'