Техническая информация
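Изменения в реестре, обеспечивающие автозапуск (ключи Run, Active Setup и Winlogon\Userinit):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '%WINDIR%\InstallDir\Server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%WINDIR%\InstallDir\Server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{8LCPYPKT-GNM7-V7YB-1442-J0485DQJDQ8M}] 'StubPath' = '%WINDIR%\InstallDir\Server.exe restart'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\crohome.exe'
Примечание: в штатной системе параметр Userinit содержит только путь к userinit.exe с завершающей запятой, поэтому дополнительный путь после запятой указывает на модификацию. Идентификатор компонента Active Setup содержит символы вне шестнадцатеричного набора, то есть не является корректным GUID.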
- %WINDIR%\InstallDir\Server.exe
- %TEMP%\crohome.exe
- %WINDIR%\InstallDir\Server.exe
- %TEMP%\crohome.exe
- %TEMP%\crohome.exe
- %TEMP%\crohome.exe
Сетевая активность (подключения и DNS-запрос; часть имени узла заменена символами #):
- 'localhost':1037
- 're####.zapto.org':81
- DNS ASK re####.zapto.org
- '<Полный путь к файлу>'
- '<SYSTEM32>\svchost.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'