Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmone' = '%WINDIR%\dxgov.exe'
- '%WINDIR%\dxgov.exe'
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ctfmone /t REG_EXPAND_SZ /d "%WINDIR%\dxgov.exe" /f
- %WINDIR%\dxgoved.exe
- %WINDIR%\dxgov.exe
- 'la###.zapto.org':50001
- DNS ASK la###.zapto.org
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''