Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xset' = '%WINDIR%\SysWOW64\xset\himckg.exe'
- %WINDIR%\syswow64\xset\himckg.exe
- '68.##8.144.9':80
- ClassName: '' WindowName: 'Warning: Components Have Changed'
- ClassName: '' WindowName: 'Hidden Process Requests Network Access'
- ClassName: '' WindowName: 'Windows Security Alert'
- ClassName: '' WindowName: 'Create rule for HIMCKG.EXE'
- ClassName: '' WindowName: 'Внимание: Некоторые компоненты изменились'
- ClassName: '' WindowName: 'Скрытый процесс запрашивает сетевой доступ'
- ClassName: '' WindowName: 'AnVir Task Manager'
- ClassName: '' WindowName: 'Создать правило для HIMCKG.EXE'
- ClassName: '' WindowName: 'Оповещение системы безопасности Windows'
- ClassName: '' WindowName: 'PermissionDlg'
- ClassName: '' WindowName: '&Unblock'
- '%WINDIR%\syswow64\xset\himckg.exe' <Full path to file>
- '%WINDIR%\syswow64\xset\himckg.exe' <Full path to file> (with hidden window)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\xset\himckg.ex...