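Техническая информация
Заголовки разделов в списке ниже не сохранились; по виду записей это, по порядку: параметр службы в реестре, командные строки запускаемых процессов, пути файлов, сетевой адрес и DNS-запросы, параметры окна. Символы # в адресе и доменах, по-видимому, скрывают часть значения, поэтому эти записи нельзя использовать как точные индикаторы.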
- [<HKLM>\SYSTEM\ControlSet001\Services\ms_2fax] 'Start' = '00000002'
- '<SYSTEM32>\7f061.exe'
- '<SYSTEM32>\7f061.exe' -s
- '<SYSTEM32>\7f061.exe' -i
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\b7f1.dll"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\b7f1.dll"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\3b1.dll,Always
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\b7f.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\_bho.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\91ff.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\e033.dll"
- %WINDIR%\79c1.exe
- <SYSTEM32>\b7f1.dll
- %WINDIR%\971.bmp
- <SYSTEM32>\7f061.exe
- <SYSTEM32>\83-105-7163
- <SYSTEM32>\02afc
- %WINDIR%\9cea1.txt
- %TEMP%\_Inst.dll
- %TEMP%\_play.dll
- %TEMP%\nsh2.tmp
- %TEMP%\_BHO.dll
- <SYSTEM32>\3b1.dll
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\_ser.exe
- '21#.#48.38.240':80
- DNS ASK so##.com
- DNS ASK 84##.#70304123.cn
- DNS ASK 16#.com
- DNS ASK ya###.com.cn
- DNS ASK 12#.##0304123.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'