Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXXC5128329' = '%WINDIR%\XXXXXXC5128329\svchsot.exe'
- 'C:\test.exe' (downloaded from the Internet)
- 'C:\test.exe'
- %WINDIR%\XXXXXXC5128329\svchsot.exe
- C:\test.exe
- 'gu####.codns.com':8000
- 'localhost':8000
- 'localhost':1036
- 'ne####.dothome.co.kr':80
- http://ne####.dothome.co.kr/spooIsv.exe
- DNS ASK gu####.codns.com
- DNS ASK ne####.dothome.co.kr
- ClassName: '' WindowName: 'ИрРЗіМРтЙэј¶ЦР'
- ClassName: '' WindowName: '??????????????'