Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RealServer] 'Start' = '00000002'
- <SYSTEM32>\f165a.exe
- <SYSTEM32>\f165a.exe -s
- <SYSTEM32>\f165a.exe -i
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\9f1a.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\99a.dll,Always
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\5d11.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\9f1a.dll"
- %TEMP%\gohjge\3.dll
- %TEMP%\gohjge\2.dll
- %TEMP%\gohjge\_uninstall
- <SYSTEM32>\02afc
- <SYSTEM32>\83-105-7163
- %TEMP%\gohjge\4.dll
- %TEMP%\gohjge\s.exe
- %TEMP%\gohjge\b.dll.zgx
- %TEMP%\gohjge\b.dll.zgx.tmp
- %TEMP%\gohjge\set.tmp
- %TEMP%\gohjge\s.exe.tmp
- %TEMP%\gohjge\p.dll.zgx
- %TEMP%\gohjge\p.dll.zgx.tmp
- %TEMP%\gohjge\set.tmp
- %TEMP%\gohjge\_uninstall
- %TEMP%\gohjge\s.exe.tmp
- %TEMP%\gohjge\b.dll.zgx.tmp
- %TEMP%\gohjge\p.dll.zgx.tmp
- %TEMP%\gohjge\3.dll в %WINDIR%\b45a.exe
- %TEMP%\gohjge\b.dll в <SYSTEM32>\9f1a.dll
- %TEMP%\gohjge\4.dll в %WINDIR%\45d1a.txt
- %TEMP%\gohjge\s.exe в <SYSTEM32>\f165a.exe
- %TEMP%\gohjge\p.dll.zgx в %TEMP%\gohjge\p.dll
- %TEMP%\gohjge\b.dll.zgx в %TEMP%\gohjge\b.dll
- %TEMP%\gohjge\2.dll в %WINDIR%\2ba.bmp
- %TEMP%\gohjge\p.dll в <SYSTEM32>\99a.dll
- '12#.##0304123.cn':80
- '88#.#43call.cn':80
- DNS ASK 12#.##0304123.cn
- DNS ASK 88#.#43call.cn
- DNS ASK ya###.com.cn