Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\LLZD] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe /c """%TEMP%\llzsdelself.bat"" "
- <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\llzsdelself.bat
- <SYSTEM32>\llzdll.log
- <SYSTEM32>\llzdl.exe
- <SYSTEM32>\llzd.dll
- DNS ASK ca#.##teye911.cn
- 'ca#.##teye911.cn':8890