Техническая информация
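Изменения в реестре — службы с автозапуском (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\Natio091] 'Start' = '00000002'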
- [<HKLM>\SYSTEM\ControlSet001\Services\Natio093] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Natio094] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Natio092] 'Start' = '00000002'
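Файловая активность (заголовки подразделов в этой копии утрачены; одни и те же пути повторяются, по-видимому, потому что относятся к разным спискам — создание, запуск и удаление файлов):
- %TEMP%\RarSFX0\dk9903.exe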
- <SYSTEM32>\WinH092.exe
- <SYSTEM32>\WinH093.exe
- <SYSTEM32>\WinH091.exe
- %TEMP%\RarSFX0\dk9902.exe
- %TEMP%\RarSFX0\dk9904.exe
- %TEMP%\RarSFX0\DK9901.exe
- <SYSTEM32>\WinH094.exe
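Запуск процессов (по-видимому, отдельный список; судя по командной строке, wscript.exe исполняет скрипт da1.vbs из временного каталога):
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\wscript.exe "%TEMP%\RarSFX0\da1.vbs"
- <SYSTEM32>\svchost.exe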
- <SYSTEM32>\WinH092.exe
- <SYSTEM32>\WinH094.exe
- <SYSTEM32>\WinH093.exe
- <SYSTEM32>\WinH091.exe
- %TEMP%\RarSFX0\da1.vbs
- %TEMP%\RarSFX0\dk9902.exe
- %TEMP%\RarSFX0\DK9901.exe
- %TEMP%\RarSFX0\dk9904.exe
- %TEMP%\RarSFX0\dk9903.exe
- %TEMP%\RarSFX0\dk9903.exe
- %TEMP%\RarSFX0\da1.vbs
- %TEMP%\RarSFX0\DK9901.exe
- %TEMP%\RarSFX0\dk9904.exe
- %TEMP%\RarSFX0\dk9902.exe
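Сетевая активность — подключения в формате 'хост':порт (символы #### в имени хоста, по-видимому, скрывают часть домена в исходном отчёте; порты 9901–9904 совпадают с номерами в именах файлов DK9901.exe–dk9904.exe):
- 'dk####.103ayzya.com':9901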
- 'dk####.103ayzya.com':9903
- 'dk####.103ayzya.com':9904
- 'dk####.103ayzya.com':9902
- DNS ASK dk####.103ayzya.com
Поиск окон по имени класса (по-видимому; Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''