Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AnSafeSer] 'Start' = '00000002' (значение 2 параметра Start — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\68d3a.exe'
- '<SYSTEM32>\68d3a.exe' -s
- '<SYSTEM32>\68d3a.exe' -i
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\f68a.dll"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\ffa.dll,Always
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\b7f1.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\f68a.dll"
- %TEMP%\z0nu\3.dll
- %TEMP%\z0nu\2.dll
- %TEMP%\z0nu\_uninstall
- %TEMP%\z0nu\4.dll
- <SYSTEM32>\83-105-7163
- <SYSTEM32>\02afc
- <SYSTEM32>\f68a.dll
- %TEMP%\z0nu\b.dll.zgx
- %TEMP%\z0nu\b.dll.zgx.tmp
- %TEMP%\z0nu\s.tmp
- %TEMP%\z0nu\p.dll.zgx.tmp
- %TEMP%\z0nu\s.exe
- %TEMP%\z0nu\s.exe.tmp
- %TEMP%\z0nu\p.dll.zgx
- %TEMP%\z0nu\s.tmp
- %TEMP%\z0nu\_uninstall
- %TEMP%\z0nu\s.exe.tmp
- %TEMP%\z0nu\b.dll.zgx.tmp
- %TEMP%\z0nu\p.dll.zgx.tmp
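- %TEMP%\z0nu\3.dll в %WINDIR%\33ba.exe (здесь и в строках ниже запись «A в B» — исходный путь и путь назначения; расширение при этом меняется: .dll → .exe, .txt, .bmp, поэтому при проверке системы не стоит полагаться на расширение файла)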
- %TEMP%\z0nu\b.dll в <SYSTEM32>\f68a.dll
- %TEMP%\z0nu\4.dll в %WINDIR%\3b7fa.txt
- %TEMP%\z0nu\s.exe в <SYSTEM32>\68d3a.exe
- %TEMP%\z0nu\p.dll.zgx в %TEMP%\z0nu\p.dll
- %TEMP%\z0nu\b.dll.zgx в %TEMP%\z0nu\b.dll
- %TEMP%\z0nu\2.dll в %WINDIR%\03a.bmp
- %TEMP%\z0nu\p.dll в <SYSTEM32>\ffa.dll
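- '12#.##0304123.cn':80 (символы '#' в именах узлов здесь и ниже, по-видимому, скрывают часть имени и не входят в реальный домен)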
- '88#.#43call.cn':80
- DNS ASK 12#.##0304123.cn
- DNS ASK 88#.#43call.cn
- DNS ASK ya###.com.cn