Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\MSCCom] 'Start' = '00000002' (значение 2 — автоматический запуск службы MSCCom при загрузке системы)
- <SYSTEM32>\bhf2.exe -s -i
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cfgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cegb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cdgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cggb.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\chhc.dll, Always
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\chgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\chgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\ccbb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\ccba.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\c671.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\ccgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cbgb.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\cagb.dll"
- %TEMP%\vkyny9d\3.dll
- %TEMP%\vkyny9d\2.dll
- %TEMP%\vkyny9d\_uninstall
- <SYSTEM32>\8977-16
- <SYSTEM32>\3c47
- %TEMP%\vkyny9d\4.dll
- %TEMP%\vkyny9d\s.exe
- %TEMP%\vkyny9d\b.dll.zgx
- %TEMP%\vkyny9d\b.dll.zgx.tmp
- %TEMP%\vkyny9d\set.tmp
- %TEMP%\vkyny9d\s.exe.tmp
- %TEMP%\vkyny9d\p.dll.zgx
- %TEMP%\vkyny9d\p.dll.zgx.tmp
- %TEMP%\vkyny9d\set.tmp
- %TEMP%\vkyny9d\_uninstall
- %TEMP%\vkyny9d\s.exe.tmp
- %TEMP%\vkyny9d\b.dll.zgx.tmp
- %TEMP%\vkyny9d\p.dll.zgx.tmp
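- Примечание: символы «#» в именах хостов и URL ниже, по-видимому, заменяют символы, скрытые при публикации; такие записи подходят для сопоставления по шаблону, но не являются точными индикаторами.
- '12#.##0304123.cn':80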
- '88#.#43call.cn':80
- 12#.##0304123.cn/ue000/38sw.e?ui#########################
- 88#.#43call.cn/minidll.txt
- DNS ASK 12#.##0304123.cn
- DNS ASK 88#.#43call.cn
- DNS ASK ya###.com.cn