Техническая информация
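Автозапуск — значения в ключе реестра Run текущего пользователя (HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%APPDATA%\WinRAR\Server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft® Windows® Operativsystem' = '%TEMP%\load.exe.exe'
Имена значений похожи на названия системных компонентов, поэтому при проверке ключа Run следует смотреть на путь в данных значения (%APPDATA%, %TEMP%), а не на имя.
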
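Процессы и командные строки:
- '%APPDATA%\WinRAR\Server.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Microsoft® Windows® Operativsystem" /t REG_SZ /d "%TEMP%\load.exe.exe
Команда reg.exe записывает то же значение 'Microsoft® Windows® Operativsystem' в ключе Run, что указано выше в этом списке. Закрывающей кавычки после пути в строке нет — возможно, строка обрезана в источнике; при сопоставлении по командной строке это стоит учитывать.
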
Пути к файлам:
- %APPDATA%\WinRAR\Server.exe
- %TEMP%\load.exe.exe

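Сетевые индикаторы (символы # заменяют часть значения: адреса в источнике замаскированы и для точного сопоставления в таком виде не подходят).
Узлы и порты:
- 'no####ms.zapto.org':1234
- '74.##5.232.51':80
- 'wp#d':80
URL:
- 74.##5.232.51/
- wp#d/wpad.dat
DNS-запросы:
- DNS ASK google.com
- DNS ASK wp#d
- DNS ASK no####ms.zapto.org
Запросы к google.com и к файлу wpad.dat встречаются и при обычной работе Windows, поэтому сами по себе признаком заражения не служат.
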
Окна (ClassName / WindowName):
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'