Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX5BDCA51A' = '%WINDIR%\XXXXXX5BDCA51A\svchsot.exe'
- '%WINDIR%\Temp\server.exe'
- '%WINDIR%\Temp\xunzai.com_疯牛的故事.exe'
- %WINDIR%\Temp\xunzai.com_疯牛的故事.exe
- %WINDIR%\XXXXXX5BDCA51A\svchsot.exe
- %WINDIR%\Temp\phone[1].html
- %WINDIR%\Temp\server.exe
- 'localhost':8000
- '12#####464.f3322.org':8000
- DNS ASK 12#####464.f3322.org
- ClassName: '(null)' WindowName: '??????????????'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'