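Техническая информация
Примечание: заголовки подразделов исходного отчёта в этом фрагменте не сохранились, поэтому повторяющиеся пути (winlogon.exe, dxtest.sys, superec.ProcessMemory.sys), по-видимому, относятся к разным категориям действий. Символы «#» в именах узлов, судя по всему, заменяют скрытые символы, так что эти имена нельзя использовать как точные индикаторы. Аргументы в строке с taskkill.exe, вероятно, искажены при извлечении.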
- [<HKLM>\SYSTEM\ControlSet001\Services\dxtest] 'ImagePath' = '<SYSTEM32>\dxtest.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\ialdnwxf] 'ImagePath' = '<SYSTEM32>\superec.ProcessMemory.sys'
- '<SYSTEM32>\taskkill.exe' /f /DNF.exe.manifest
- '<SYSTEM32>\winlogon.exe'
- <SYSTEM32>\winlogon.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\1040387127[1]
- <SYSTEM32>\dxtest.sys
- <SYSTEM32>\superec.ProcessMemory.sys
- <SYSTEM32>\dxtest.sys
- <SYSTEM32>\superec.ProcessMemory.sys
- 'us##.#zone.qq.com':80
- 'localhost':1038
- http://us##.#zone.qq.com/1040387127
- DNS ASK us##.#zone.qq.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''