Техническая информация
- 'C:\server.exe'
- 'C:\ztfeixuedufu.exe'
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\abc.bat
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\taskkill.exe' /f /im zhengtu.dat /T
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- <SYSTEM32>\abc.dll
- <SYSTEM32>\abc.bat
- C:\ztfeixuedufu.exe
- C:\server.exe
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\abc.dll в <SYSTEM32>\ksuser.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''