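Техническая информация
Ниже перечислены индикаторы из отчёта об анализе: задание планировщика (%WINDIR%\Tasks), параметр реестра службы NokcSys (значение 'Start' = 2 соответствует автоматическому запуску службы), командные строки процессов, пути к файлам в %TEMP% и <SYSTEM32>, сетевые обращения. Заголовки подразделов в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, какое действие (создание, удаление, запуск) относится к каждой строке; повторяющиеся пути, вероятно, относились к разным подразделам. Символы «#» в сетевых адресах, по-видимому, являются маскировкой, присутствующей в исходном тексте.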
- %WINDIR%\Tasks\ms.job
- [<HKLM>\SYSTEM\ControlSet001\Services\NokcSys] 'Start' = '00000002'
- <SYSTEM32>\22r0.exe -s -i
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\82le.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\d2d0.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\d0e5.dll, Always
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\82le.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\b0d5.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\c2bd.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\5cb8.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\c0id.dll"
- %TEMP%\o701lf\3.dll
- %TEMP%\o701lf\2.dll
- %TEMP%\o701lf\_uninstall
- <SYSTEM32>\8977-16
- <SYSTEM32>\3c47
- %TEMP%\o701lf\4.dll
- %TEMP%\o701lf\s.exe
- %TEMP%\o701lf\b.dll.zgx
- %TEMP%\o701lf\b.dll.zgx.tmp
- %TEMP%\o701lf\st.tmp
- %TEMP%\o701lf\s.exe.tmp
- %TEMP%\o701lf\p.dll.zgx
- %TEMP%\o701lf\p.dll.zgx.tmp
- %TEMP%\o701lf\st.tmp
- %TEMP%\o701lf\_uninstall
- %TEMP%\o701lf\s.exe.tmp
- %TEMP%\o701lf\b.dll.zgx.tmp
- %TEMP%\o701lf\p.dll.zgx.tmp
- '12#.##0304123.cn':80
- 12#.##0304123.cn/ue000/38sw.e?ui#########################
- DNS ASK 12#.##0304123.cn
- DNS ASK ya###.com.cn