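Техническая информация

Ниже перечислены индикаторы в том виде, в каком они приведены в отчёте: ключи автозапуска в реестре (Run, Active Setup), процессы, файлы и сетевые обращения. Заголовки разделов исходного отчёта здесь не сохранились, поэтому роль каждой строки (создание, запуск, внедрение, удаление) нужно уточнять по оригиналу. Символы # в именах хостов и строка ((Mutex)) в именах файлов — по-видимому, маскировка и подстановочное имя, а не литеральные значения; значения параметров реестра показаны пустыми.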
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}] 'StubPath' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\8001797[1].functions
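- %APPDATA%\Roaming\Microsoft\Windows\((Mutex)).xtr (здесь и ниже путь приведён как в отчёте; %APPDATA% обычно уже указывает на каталог Roaming, поэтому при поиске стоит проверять оба варианта пути)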
- %APPDATA%\Roaming\Microsoft\Windows\((Mutex)).dat
- %APPDATA%\Roaming\Microsoft\Windows\((Mutex)).cfg
- <SYSTEM32>\InstallDir\wln32.exe
- %APPDATA%\Roaming\Microsoft\Windows\((Mutex)).dat
- <SYSTEM32>\InstallDir\wln32.exe
- %APPDATA%\Roaming\Microsoft\Windows\((Mutex)).cfg
- 'we####ip.zapto.org':83
- 'we####ip.zapto.org':80
- 'we####ip.zapto.org':82
- 'localhost':58786
- 'we####ip.zapto.org':81
- we####ip.zapto.org/8001797.functions
- DNS ASK dn#.##ftncsi.com
- DNS ASK we####ip.zapto.org
- ClassName: 'Indicator' WindowName: '(null)'