Техническая информация
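- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF041A1C-F3C4-23FC-B587-9149DD6D6D03}] 'stubpath' = '' (раздел Active Setup: команда из параметра stubpath выполняется при входе пользователя в систему, то есть запись служит для автозапуска; значение параметра в этой записи пустое — вероятно, оно не сохранилось при публикации)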
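- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1' (запись добавляет winlogon.exe в список приложений, разрешённых брандмауэром Windows в стандартном профиле; «*» — без ограничения по адресам. Появление системного процесса в этом списке стоит проверять при разборе инцидента)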
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %WINDIR%\Explorer.EXE
- %WINDIR%\xD\xD.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
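- 'ek.#ampo.at':80
- 'nh##lu.com':443
- 'li##qh.com':443
- 'mk.#imbs.ru':80
- 'to####os.zapto.org':81
(Символы «#» в именах узлов, по-видимому, заменяют символы, скрытые в источнике: полные имена на странице не приведены, поэтому для поиска по журналам DNS и прокси эти строки годятся только как шаблоны, а не как готовые индикаторы. Последний узел находится в домене службы динамического DNS и использует нестандартный порт 81.)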
- DNS ASK ek.#ampo.at
- DNS ASK nh##lu.com
- DNS ASK li##qh.com
- DNS ASK mk.#imbs.ru
- DNS ASK to####os.zapto.org