Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Svchost' = '"%APPDATA%\svchost.exe"'
- '%TEMP%\svchost.exe' "" -h 178.216.201.236 -p 531""
- '%TEMP%\svchost.exe'
- %TEMP%\nsx5.tmp\nbqMYpafhBACcGyjNmx
- %TEMP%\nsx5.tmp\cdc.dll
- %TEMP%\nsq4.tmp
- %APPDATA%\svchost.exe
- %TEMP%\svchost.exe
- %TEMP%\nsx5.tmp\cdc.dll
- '17#.#16.201.236':531