Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinADom] 'Start' = '00000002' (значение 2 параметра Start — автоматический запуск службы WinADom при загрузке системы)
- <SYSTEM32>\8ofd.exe
- <SYSTEM32>\8ofd.exe -s
- <SYSTEM32>\8ofd.exe -i
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6mg8.dll" (здесь и ниже: /u — отмена регистрации библиотеки, /s — без вывода диалоговых окон)
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6lg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6kg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6ng8.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\foh6.dll, Always
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\6og8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6og8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6jg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6eg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6dg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6cg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6fg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6ig8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6hg8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6gg8.dll"
- %TEMP%\txe4s6\3.dll
- %TEMP%\txe4s6\2.dll
- %TEMP%\txe4s6\_uninstall
- <SYSTEM32>\02afc
- <SYSTEM32>\83-105-7163
- %TEMP%\txe4s6\4.dll
- %TEMP%\txe4s6\s.exe
- %TEMP%\txe4s6\b.dll.zgx
- %TEMP%\txe4s6\b.dll.zgx.tmp
- %TEMP%\txe4s6\set.tmp
- %TEMP%\txe4s6\s.exe.tmp
- %TEMP%\txe4s6\p.dll.zgx
- %TEMP%\txe4s6\p.dll.zgx.tmp
- %TEMP%\txe4s6\set.tmp
- %TEMP%\txe4s6\_uninstall
- %TEMP%\txe4s6\s.exe.tmp
- %TEMP%\txe4s6\b.dll.zgx.tmp
- %TEMP%\txe4s6\p.dll.zgx.tmp
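- '12#.##0304123.cn':80 (порт 80; здесь и ниже символы «#» в именах узлов, по-видимому, скрывают часть домена в самом источнике, поэтому такие записи не годятся для точного сопоставления)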
- '88#.#43call.cn':80
- DNS ASK 12#.##0304123.cn
- DNS ASK 88#.#43call.cn
- DNS ASK ya###.com.cn