Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ElldBin] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- <SYSTEM32>\fe3n.exe
- <SYSTEM32>\fe3n.exe -s
- <SYSTEM32>\fe3n.exe -i
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\80fe.dll" (здесь и далее: /u — отмена регистрации библиотеки, /s — тихий режим без вывода сообщений)
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\d6f8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\183f.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\fef8.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\3fed.dll, Always
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\81k3.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\81k3.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\f8e0.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\fnen.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\d3cn.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\8df3.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6d3e.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\dfff.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\3e16.dll"
- %TEMP%\ll9xgir\3.dll
- %TEMP%\ll9xgir\2.dll
- %TEMP%\ll9xgir\_uninstall
- <SYSTEM32>\83-105-7163
- <SYSTEM32>\02afc
- %TEMP%\ll9xgir\4.dll
- %TEMP%\ll9xgir\s.exe
- %TEMP%\ll9xgir\b.dll.zgx
- %TEMP%\ll9xgir\b.dll.zgx.tmp
- %TEMP%\ll9xgir\set.tmp
- %TEMP%\ll9xgir\s.exe.tmp
- %TEMP%\ll9xgir\p.dll.zgx
- %TEMP%\ll9xgir\p.dll.zgx.tmp
- %TEMP%\ll9xgir\set.tmp
- %TEMP%\ll9xgir\_uninstall
- %TEMP%\ll9xgir\s.exe.tmp
- %TEMP%\ll9xgir\b.dll.zgx.tmp
- %TEMP%\ll9xgir\p.dll.zgx.tmp
- '88#.#43call.cn':80
- '12#.##0304123.cn':80
- DNS ASK 88#.#43call.cn
- DNS ASK 12#.##0304123.cn
- DNS ASK ya###.com.cn