Техническая информация
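- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = 'C:\RECYCLER\S-1-5-21-5141620091-2285238592-251619314-6427\rundll32.exe' (параметр 'Taskman' в ключе Winlogon — точка автозапуска; подлинный rundll32.exe находится в %WINDIR%\System32, поэтому одноимённый файл в каталоге C:\RECYCLER является признаком маскировки под системный файл)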
- System
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\S-1-5-21-5141620091-2285238592-251619314-6427\rundll32.exe
- C:\RECYCLER\S-1-5-21-5141620091-2285238592-251619314-6427\Desktop.ini
- C:\RECYCLER\S-1-5-21-5141620091-2285238592-251619314-6427\rundll32.exe
- DNS ASK PP###lper.com
- DNS ASK ho###ows.org
- 'pp###lper.com':7006
- 'ho###ows.org':7006