Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXXE5026A3C' = '%WINDIR%\XXXXXXE5026A3C.exe'
- %TEMP%\RarSFX0\ProgramData.exe
- C:\Minecraft_Server.exe
- C:\ProgramData.exe
- %TEMP%\RarSFX0\ProgramData.exe
- %WINDIR%\XXXXXXE5026A3C.exe
- C:\ProgramData.exe
- C:\Minecraft_Server.exe
- 'k1#.#ytes.net':8000
- DNS ASK k1#.#ytes.net
- ClassName: '' WindowName: '??????????????'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''