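Техническая информация
Примечание: подписи к группам записей в этой копии отсутствуют, поэтому индикаторы ниже идут сплошным списком; повторы одного и того же пути, вероятно, относятся к разным действиям образца. Ярлыки (.lnk) в папке Startup запускаются при входе пользователя в систему, то есть служат для автозапуска. Символы ### в имени домена не могут быть частью реального имени узла — по-видимому, это маскировка, внесённая при публикации, поэтому для поиска по журналам DNS и прокси нужен полный индикатор из первоисточника.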
- %HOMEPATH%\Start Menu\Programs\Startup\zona server.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\windrive.lnk
- '%TEMP%\zona.exe'
- 'C:\Users\%USERNAME%\AppData\Roaming\Zona\host connection.exe'
- '%TEMP%\s.exe'
- '%HOMEPATH%\Desktop\AntiBanNEW1.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t24927.bat" "C:\Users\%USERNAME%\AppData\Roaming\Zona\host connection.exe" "
- %TEMP%\ztmp\t24927.bat
- C:\Users\%USERNAME%\AppData\Roaming\Zona\windows_servises.exe
- C:\Users\%USERNAME%\AppData\Roaming\Zona\pthreadGC2-w64.dll
- %TEMP%\ztmp\t24979.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1[1].php
- C:\2.php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].php
- %TEMP%\zona.exe
- %HOMEPATH%\Desktop\AntiBanNEW1.exe
- %TEMP%\s.exe
- C:\Users\UserName\AppData\Roaming\WinData\config-sample-1.ini
- C:\Users\%USERNAME%\AppData\Roaming\Zona\libcurl-4.dll
- C:\Users\%USERNAME%\AppData\Roaming\Zona\host connection.exe
- C:\Users\UserName\AppData\Roaming\WinData\ProcessHide-x64.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].php
- 'cr###-way.ru':80
- cr###-way.ru/1.php
- DNS ASK cr###-way.ru
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'