Техническая информация
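Записи в реестре, связанные с автозапуском (Active Setup и ключи Run; идентификатор компонента содержит символы вне 0–9 и A–F, то есть не является корректным GUID):
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0BYX214E-C1G3-7SH1-Q42Q-E66V78G5PK1I}] 'StubPath' = '<SYSTEM32>\XUnknown\%TEMP%.exe restart'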
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0BYX214E-C1G3-7SH1-Q42Q-E66V78G5PK1I}] 'StubPath' = '<SYSTEM32>\XUnknown\%TEMP%.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windeploy' = '<SYSTEM32>\XUnknown\%TEMP%.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windeploy' = '<SYSTEM32>\XUnknown\%TEMP%.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\svchost.exe'
- %WINDIR%\explorer.exe
- <SYSTEM32>\XUnknown\%TEMP%.exe
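Сетевая активность (узел и порт; символы # в имени домена, по-видимому, являются маскировкой в исходном описании, а не частью имени):
- 'xu####wn.zapto.org':509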
- 'localhost':1036
- DNS ASK xu####wn.zapto.org