Техническая информация
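Закрепление в системе (файл задания планировщика и ключ службы):
- %WINDIR%\Tasks\ms.job
- [<HKLM>\SYSTEM\ControlSet001\Services\MacroAdser] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы)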
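Командные строки запускаемых процессов (для regsvr32: /s — без вывода сообщений, /u — отмена регистрации библиотеки):
- '<SYSTEM32>\655d.exe'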
- '<SYSTEM32>\655d.exe' -s
- '<SYSTEM32>\655d.exe' -i
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\519r.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\519r.dll"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\391s.dll,Always
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\391s.dll, Always
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\39cf.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\4fb5.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\f3i9.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\56lb.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\26d3.dll"
- %TEMP%\h8nil4o8\4.dll
- %TEMP%\h8nil4o8\3.dll
- <SYSTEM32>\02afc
- <SYSTEM32>\83-105-7163
- %TEMP%\h8nil4o8\2.dll
- %TEMP%\h8nil4o8\b.dll
- %TEMP%\h8nil4o8\z.lz
- %TEMP%\h8nil4o8\s.exe
- %TEMP%\h8nil4o8\p.dll
- %TEMP%\h8nil4o8\z.lz
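Пары «исходный путь в конечный путь» (перемещение или копирование — на странице не указано). Конечные имена 655d.exe, 391s.dll и 519r.dll совпадают с файлами из командных строк выше; расширения .exe, .flv и .bmp получают файлы, которые в исходном каталоге названы .dll, поэтому при поиске не стоит полагаться на расширение:
- %TEMP%\h8nil4o8\3.dll в %WINDIR%\2b4d.exe
- %TEMP%\h8nil4o8\s.exe в <SYSTEM32>\655d.exe
- %TEMP%\h8nil4o8\4.dll в %WINDIR%\532d.flv
- %TEMP%\h8nil4o8\p.dll в <SYSTEM32>\391s.dll
- %TEMP%\h8nil4o8\2.dll в %WINDIR%\5d1u.bmp
- %TEMP%\h8nil4o8\b.dll в <SYSTEM32>\519r.dll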
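Сетевая активность (символы # в именах узлов, по-видимому, скрывают часть имени при публикации; в таком виде строки нельзя использовать как точные индикаторы):
- '12#.##0304123.cn':80
- DNS ASK 12#.##0304123.cn
- DNS ASK ya###.com.cn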