Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Ghijkl] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Ghijkl] 'ImagePath' = '%WINDIR%\cresa.exe'
- %PROGRAMDATA%\arphacrashreport.exe
- %PROGRAMDATA%\arphadump.dll
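- %PROGRAMDATA%\@æô¶¯1515.exe (имя файла, по-видимому, искажено при перекодировке; при поиске на диске не стоит полагаться на буквальное совпадение этих символов)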
- %WINDIR%\arphadump.dll
- %WINDIR%\cresa.exe
- %PROGRAMDATA%\@æô¶¯1515.exe
- %PROGRAMDATA%\arphacrashreport.exe в %WINDIR%\syswow64\1049765.bak
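- '12#.#34.56.155':10000 (в этой и следующих сетевых записях часть адреса, по-видимому, скрыта символами '#', поэтому в таком виде они не годятся как готовые индикаторы для блокировки)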
- '15#.#09.244.28':1996
- DNS ASK vi###000a.com
- '%PROGRAMDATA%\arphacrashreport.exe'
- '%PROGRAMDATA%\@æô¶¯1515.exe'
- '%WINDIR%\cresa.exe'
- '%WINDIR%\cresa.exe' Win7