Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\servicce.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\procces.exe'
- %WINDIR%\servicce.exe
- <SYSTEM32>\procces.exe
- 'co#####les.zapto.org':80
- co#####les.zapto.org/catalogos.php
- DNS ASK co#####les.zapto.org