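Technical Information
(The entries below are, in order: registry values, command lines, file paths, network endpoints, a DNS query and window class names. The headings that separated these groups are missing from this copy. `<HKLM>` and `<SYSTEM32>` are placeholders for HKEY_LOCAL_MACHINE and the Windows system directory.)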
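- [<HKLM>\SYSTEM\ControlSet001\Services\Secure] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsUpdate] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\smss] 'Start' = '00000002'
(A 'Start' value of 2 marks a service as auto-start, so the Service Control Manager launches it at every boot. The names imitate legitimate Windows components: the real Windows Update service is registered as wuauserv, and smss.exe is not normally registered as a service at all.)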
- <SYSTEM32>\Dap\mssvchost.exe -i Dap2.exe
- <SYSTEM32>\Dap\Dap.exe
- <SYSTEM32>\Dap\mssvchost.exe -i Dap1.exe
- <SYSTEM32>\Dap\smss.exe Dap.jpeg
- <SYSTEM32>\Dap\DiskInfo.exe
- <SYSTEM32>\Dap\mssvchost.exe -i Dap3.exe
- <SYSTEM32>\Dap\mssvchost.exe -s
- <SYSTEM32>\net1.exe share /delete U$
- <SYSTEM32>\net1.exe share /delete T$
- <SYSTEM32>\net1.exe share /delete W$
- <SYSTEM32>\net1.exe share /delete V$
- <SYSTEM32>\net1.exe share /delete S$
- <SYSTEM32>\net1.exe share /delete P$
- <SYSTEM32>\net1.exe share /delete O$
- <SYSTEM32>\net1.exe share /delete R$
- <SYSTEM32>\net1.exe share /delete Q$
- <SYSTEM32>\net1.exe stop messenger
- <SYSTEM32>\net.exe stop messenger
- <SYSTEM32>\net1.exe stop lanmanserver
- <SYSTEM32>\net.exe stop lanmanserver
- <SYSTEM32>\net1.exe share /delete IPC$
- <SYSTEM32>\net1.exe share /delete Y$
- <SYSTEM32>\net1.exe share /delete X$
- <SYSTEM32>\net1.exe share /delete ADMIN$
- <SYSTEM32>\net1.exe share /delete Z$
- <SYSTEM32>\net1.exe share /delete N$
- <SYSTEM32>\attrib.exe +H <SYSTEM32>\Dap
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\Dap\Secure.bat
- <SYSTEM32>\net1.exe share /delete D$
- <SYSTEM32>\net1.exe share /delete C$
- <SYSTEM32>\net1.exe start Secure
- %WINDIR%\regedit.exe /S <SYSTEM32>\Dap\MSUpdate.reg
- <SYSTEM32>\cmd.exe /c ""c:\kit\Kit.bat" "
- <SYSTEM32>\net1.exe start WindowsUpdate
- <SYSTEM32>\net1.exe start smss
- <SYSTEM32>\net1.exe share /delete K$
- <SYSTEM32>\net1.exe share /delete J$
- <SYSTEM32>\net1.exe share /delete M$
- <SYSTEM32>\net1.exe share /delete L$
- <SYSTEM32>\net1.exe share /delete I$
- <SYSTEM32>\net1.exe share /delete F$
- <SYSTEM32>\net1.exe share /delete E$
- <SYSTEM32>\net1.exe share /delete H$
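- <SYSTEM32>\net1.exe share /delete G$
(In the command lines above, `attrib +H` sets the hidden attribute on the Dap directory and `regedit /S` imports MSUpdate.reg without prompting. The net/net1 calls remove the IPC$ and ADMIN$ shares and the administrative shares for drive letters C through Z, and stop the messenger and lanmanserver services. For detection, a burst of `net1.exe share /delete` calls is a strong signal. So are binaries named mssvchost.exe or smss.exe running from a subdirectory of the system directory, since the genuine smss.exe and svchost.exe sit directly in it.)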
- C:\kit\DN\13
- C:\kit\DN\12
- C:\kit\DN\11
- C:\kit\DN\2
- C:\kit\DN\15
- C:\kit\DN\14
- C:\kit\DN\10
- C:\kit\DW\7
- C:\kit\DW\6
- C:\kit\DW\5
- C:\kit\DN\1
- C:\kit\DW\9
- C:\kit\DW\8
- <SYSTEM32>\Dap\Drives.txt
- <SYSTEM32>\Dap\Dap.jpeg
- <SYSTEM32>\Dap\ServUDaemon.ini
- <SYSTEM32>\Dap\ServUStartUpLog.txt
- <SYSTEM32>\Dap\Dap1
- C:\kit\DN\9
- C:\kit\DN\5
- C:\kit\DN\4
- C:\kit\DN\3
- C:\kit\DN\8
- C:\kit\DN\7
- C:\kit\DN\6
- C:\kit\DW\4
- C:\kit\mssvchost.exe
- C:\kit\mssvchost.dll
- C:\kit\mssvc.dtd
- C:\kit\Refresh_Xdcc.bat
- C:\kit\Refresh_FTP.bat
- C:\kit\Refresh.exe
- C:\kit\libxml2.dll
- C:\kit\Dap.exe
- C:\kit\cygwin1.dll
- C:\kit\5MB
- C:\kit\Kit.bat
- C:\kit\FireDaemonRT.dll
- C:\kit\DiskInfo.exe
- C:\kit\DW\14
- C:\kit\DW\13
- C:\kit\DW\12
- C:\kit\DW\3
- C:\kit\DW\2
- C:\kit\DW\15
- C:\kit\DW\11
- C:\kit\tar.exe
- C:\kit\SvcAdmin.dll
- C:\kit\smss.exe
- C:\kit\DW\10
- C:\kit\DW\1
- C:\kit\Windows.mp3
- C:\kit\DN\10
- C:\kit\DN\11
- C:\kit\DN\9
- C:\kit\DN\7
- C:\kit\DN\8
- C:\kit\DN\15
- <SYSTEM32>\Dap\Delete.bat
- C:\kit\DN\14
- C:\kit\DN\12
- C:\kit\DN\13
- C:\kit\DN\6
- <SYSTEM32>\Dap\MSUpdate.reg
- <SYSTEM32>\Dap\ServUStartUpLog.txt
- <SYSTEM32>\Dap\DiskInfo.exe
- <SYSTEM32>\Dap\WBotName.bat
- <SYSTEM32>\Dap\WDap.bat
- C:\kit\DN\4
- C:\kit\DN\5
- C:\kit\DN\3
- C:\kit\DN\1
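- C:\kit\DN\2
(Several paths, such as C:\kit\DN\1 to C:\kit\DN\15 and <SYSTEM32>\Dap\ServUStartUpLog.txt, are listed twice; this copy does not show which file operation each listing records. ServUDaemon.ini and ServUStartUpLog.txt are file names used by the Serv-U FTP server, which suggests, from the names alone, that the kit bundles an FTP server.)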
- 'localhost':1104
- 'localhost':1102
- 'localhost':1107
- 'localhost':1111
- 'localhost':1109
- 'localhost':1100
- 'localhost':1090
- 'localhost':1088
- 'localhost':1093
- 'localhost':1097
- 'localhost':1095
- 'localhost':1114
- 'localhost':1132
- 'localhost':1130
- 'localhost':1135
- 'localhost':1139
- 'localhost':1137
- 'localhost':1128
- 'localhost':1118
- 'localhost':1116
- 'localhost':1121
- 'localhost':1125
- 'localhost':1123
- 'localhost':1051
- 'localhost':1048
- 'localhost':1053
- 'localhost':1058
- 'localhost':1055
- 'localhost':1046
- 'localhost':1037
- 'ir#.##lls-net.org':6667
- 'localhost':1039
- 'localhost':1044
- 'localhost':1041
- 'localhost':1060
- 'localhost':1079
- 'localhost':1076
- 'localhost':1081
- 'localhost':1086
- 'localhost':1083
- 'localhost':1074
- 'localhost':1065
- 'localhost':1062
- 'localhost':1067
- 'localhost':1072
- 'localhost':1069
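- DNS ASK ir#.##lls-net.org
(The `#` characters are masking applied in the report, not part of the hostname. The same host appears in the endpoint list above on port 6667, the conventional IRC port, which is consistent with the Refresh_Xdcc.bat and WBotName.bat file names.)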
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''