Техническая информация
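- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX97879920' = '%WINDIR%\XXXXXX97879920\svchsot.exe' (имя файла — svchsot.exe, а не системное svchost.exe; по-видимому, маскировка под системный процесс, поэтому при поиске сверяйте имя побуквенно)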
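- '%TEMP%\PopK.dll' -w REG -p PopKout -r TestOut -f 0:*=*:*:udp -n BLOCK (набор параметров похож на синтаксис утилиты ipseccmd: политика IPsec 'PopKout' с правилом 'TestOut' и действием BLOCK для UDP-трафика; это предположение по виду командной строки, его стоит проверить по политикам IPsec на затронутой системе)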
- '%WINDIR%\Temp\server.exe'
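- '%WINDIR%\Temp\¶ПНш№¤ѕЯ.exe' (имя искажено кодировкой: вероятно, это байты GBK, показанные как Windows-1251; предположительное исходное имя — «断网工具.exe», на диске файл может отображаться именно так)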
- %TEMP%\PopK.dll
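- %WINDIR%\Temp\¶ПНш№¤ѕЯ.exe (имя искажено кодировкой: вероятно, это байты GBK, показанные как Windows-1251; предположительное исходное имя — «断网工具.exe»)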
- %WINDIR%\Temp\server.exe
- %WINDIR%\Temp\server.exe в %WINDIR%\XXXXXX97879920\svchsot.exe
- 'localhost':8000
- 'as####5.vicp.net':8000
- DNS ASK as####5.vicp.net
- ClassName: '(null)' WindowName: '??????????????'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'