Техническая информация
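- Автозапуск через раздел Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsTD' = '"%APPDATA%\svchost\svchost.exe"' (файл с именем системного svchost.exe, но расположенный вне системного каталога)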
- '%TEMP%\svchost.exe' ""-h 178.216.201.236 -p 531""
- '%TEMP%\svchost.exe'
- %TEMP%\nsl4.tmp
- %TEMP%\nsj5.tmp\nbqMYpafhBACcGyjNmx
- %TEMP%\nsj5.tmp\cdc.dll
- %TEMP%\svchost.exe
- %TEMP%\nsw2.tmp\System.dll
- %APPDATA%\svchost\svchost.exe
- %APPDATA%\svchost\svchost
- %TEMP%\nsj5.tmp\cdc.dll
- %TEMP%\nsw2.tmp\System.dll
- '17#.#16.201.236':531
- ClassName: 'Indicator' WindowName: '(null)'