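Техническая информация
(Подзаголовки исходного отчёта на этой странице, по-видимому, не сохранились. Записи ниже идут в таком порядке: автозапуск — файл задания планировщика и служба со значением 'Start' = 2 (автоматический запуск); запускаемые командные строки; пути файлов в <SYSTEM32> и %TEMP%; сетевая активность. Повторяющиеся пути, вероятно, относятся к разным файловым операциям, которые по этой странице различить нельзя.)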
- %WINDIR%\Tasks\ms.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Media_Ser] 'Start' = '00000002'
- <SYSTEM32>\d3re.exe
- <SYSTEM32>\d3re.exe -s
- <SYSTEM32>\d3re.exe -i
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\0dde.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\36b1.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\1dl3.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\fee3.dll, Always
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\1dl3.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\83n6.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\d8m3.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\63b0.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\6eif.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\8ed3.dll"
- %TEMP%\kqwxfr6c\3.dll
- %TEMP%\kqwxfr6c\2.dll
- %TEMP%\kqwxfr6c\_uninstall
- <SYSTEM32>\83-105-7163
- <SYSTEM32>\02afc
- %TEMP%\kqwxfr6c\4.dll
- %TEMP%\kqwxfr6c\s.exe
- %TEMP%\kqwxfr6c\b.dll.zgx
- %TEMP%\kqwxfr6c\b.dll.zgx.tmp
- %TEMP%\kqwxfr6c\set.tmp
- %TEMP%\kqwxfr6c\s.exe.tmp
- %TEMP%\kqwxfr6c\p.dll.zgx
- %TEMP%\kqwxfr6c\p.dll.zgx.tmp
- %TEMP%\kqwxfr6c\set.tmp
- %TEMP%\kqwxfr6c\_uninstall
- %TEMP%\kqwxfr6c\s.exe.tmp
- %TEMP%\kqwxfr6c\b.dll.zgx.tmp
- %TEMP%\kqwxfr6c\p.dll.zgx.tmp
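- '12#.##0304123.cn':80
- DNS ASK 12#.##0304123.cn
- DNS ASK ya###.com.cn
- '<IP-адрес в локальной сети>':1035
(Символы '#' в доменных именах — по-видимому, маскировка, выполненная источником: такие записи не являются полными доменами и не подходят для точного сопоставления в блок-листах или правилах обнаружения. '<IP-адрес в локальной сети>' — заполнитель, а не конкретный адрес.)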