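Техническая информация
(Подзаголовки разделов в этой копии отчёта не сохранились, поэтому одни и те же пути встречаются несколько раз. Судя по содержимому, ниже последовательно перечислены: изменения реестра, запускаемые процессы и команды, файловые операции, сетевые соединения, DNS-запросы и искомые окна.)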
- [<HKLM>\SYSTEM\ControlSet001\Services\VMserfdvices] 'Start' = '00000002' (значение Start = 2 — автоматический запуск службы при загрузке системы)
- %WINDIR%\ztop\server.exe
- <SYSTEM32>\panp.exe
- %WINDIR%\Web\win\8\Rar.exe e -y -ping %WINDIR%\web\win\8\ma.rar %WINDIR%\ztop\
- %WINDIR%\ztop\lsass.exe
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\wscript.exe "%WINDIR%\web\win\8\ok.vbs"
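- <SYSTEM32>\taskkill.exe /f /im KSafeTray.exe (принудительное завершение процесса KSafeTray.exe; судя по имени, это компонент защитного ПО — требует проверки)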
- <SYSTEM32>\cmd.exe /c %WINDIR%\Web\win\8\1.bat
- <SYSTEM32>\cmd.exe /c %WINDIR%\11a.bat
- %WINDIR%\regedit.exe /s %WINDIR%\web\win\8\qidong.reg (ключ /s — импорт .reg-файла в реестр без запроса подтверждения)
- %WINDIR%\ztop\lsass.exe
- %WINDIR%\11a.bat
- %WINDIR%\Web\win\8\Rar.exe
- %WINDIR%\ztop\server.exe
- <Текущая директория>\evpxksjjtt
- <SYSTEM32>\panp.exe
- <SYSTEM32>\yjsoft.ini
- %WINDIR%\Web\win\8\qidong.reg
- %WINDIR%\Web\win\8\2.bat
- %WINDIR%\Web\win\8\1.bat
- %WINDIR%\Web\win\8\aa.bat
- %WINDIR%\Web\win\8\ok.vbs
- %WINDIR%\Web\win\8\ma.rar
- %WINDIR%\Web\win\8\aa.vbs
- <SYSTEM32>\panp.exe
- <Текущая директория>\evpxksjjtt
- %WINDIR%\ztop\server.exe
- %TEMP%\~DFC485.tmp
- %WINDIR%\Web\win\8\ok.vbs
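- 'gh###.ddoshack.com':3530 (символы '#' здесь и ниже, по-видимому, маскируют часть имени хоста в отчёте и не входят в доменное имя; для поиска по журналам DNS и прокси используйте видимую часть имени и номер порта)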
- 'dk.##oshack.com':1691
- DNS ASK gh###.ddoshack.com
- DNS ASK dk.##oshack.com
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''