Техническая информация
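- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tbqzojta' = '"%APPDATA%\Microsoft\Lzapnmnm\lzapnmnm.exe"' (параметр в разделе Run: файл запускается при каждом входе этого пользователя в систему)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '"%APPDATA%\Microsoft\Lzapnmnm\lzapnmnm.exe" /c <SYSTEM32>\ctfmon.exe' (имя параметра повторяет имя системной утилиты ctfmon.exe, но первым в командной строке указан файл из %APPDATA%; при разборе автозагрузки ориентируйтесь на путь к файлу, а не на имя параметра)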
- [<HKLM>\SYSTEM\ControlSet001\Services\zofiphhe] 'Start' = '00000002' (Start = 2 — служба запускается автоматически при загрузке системы)
- '%APPDATA%\Microsoft\Lzapnmnm\lzapnmnm.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\ping.exe' -n 10 localhost
- %WINDIR%\Explorer.EXE
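- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003' (параметр 2500 = 3 отключает защищённый режим Internet Explorer для зоны 3 — «Интернет»)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '2500' = '00000003' (то же для зоны 2 — «Надёжные узлы»)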
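- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\user.js (user.js задаёт настройки Firefox при каждом запуске браузера; содержимое файла на странице не приведено, его нужно проверять отдельно)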
- %APPDATA%\Microsoft\Lzapnmnm\lzapnmn.dll
- %APPDATA%\Microsoft\Lzapnmnm\lzapnmnm.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'st####.bradcole-la.com':80 (символы #### — по-видимому, скрытая часть имени узла; полное имя на странице не указано)
- st####.bradcole-la.com/kd/kd.php
- DNS ASK st####.bradcole-la.com
- ClassName: 'Indicator' WindowName: ''