Техническая информация
Автозапуск (одно и то же имя из 32 шестнадцатеричных символов используется и для параметров Run в реестре, и для файла в папке автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '135675014d5c9e265e280431f617b218' = '"%TEMP%\Taskhosts.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '135675014d5c9e265e280431f617b218' = '"%TEMP%\Taskhosts.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\135675014d5c9e265e280431f617b218.exe
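Брандмауэр Windows: исполняемый файл внесён в список разрешённых приложений стандартного профиля (область действия «*» — любые адреса):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Taskhosts.exe' = '%TEMP%\Taskhosts.exe:*:Enabled:Taskhosts.exe'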
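Командные строки запуска (судя по оформлению; заголовок раздела в тексте не сохранился). Вторая команда добавляет то же исключение брандмауэра через netsh:
- '%TEMP%\Taskhosts.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Taskhosts.exe" "Taskhosts.exe" ENABLE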
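Файл в каталоге временных файлов пользователя; имя Taskhosts.exe напоминает имя системного процесса taskhost.exe, который штатно расположен в <SYSTEM32>:
- %TEMP%\Taskhosts.exe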
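Сетевая активность (часть имени узла заменена символами ### в самом источнике; zapto.org — домен службы динамического DNS, поэтому IP-адрес узла может меняться):
- 'al###.zapto.org':1176
- DNS ASK al###.zapto.org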
- ClassName: 'Indicator' WindowName: '(null)'