Техническая информация
- Запись службы в реестре (значение 'ImagePath' указывает на файл .sys в <SYSTEM32>): [<HKLM>\SYSTEM\ControlSet001\Services\baby] 'ImagePath' = '<SYSTEM32>\PastS8s8S.sys'
- %TEMP%\E_N30005\internet.fne
- %TEMP%\E_N30005\HtmlView.fne
- <SYSTEM32>\PastS8s8S.sys
- %TEMP%\E_N30005\EThread.fne
- %TEMP%\E_N30005\krnln.fnr
- %TEMP%\E_N30005\eNetIntercept.fne
- %TEMP%\E_N30005\EDataStructure.fne
- <SYSTEM32>\PastS8s8S.sys
- 'localhost':1041
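- 'www.ap##elt.com':80 (символы '#' здесь и в адресах ниже, по-видимому, скрывают часть имени узла в источнике; в таком виде строки не годятся для точного сопоставления индикаторов)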
- 'a1######625.blog.163.com':80
- http://www.ap##elt.com/gengxin/
- http://www.ap##elt.com/BC/yulewang/haha.txt
- http://a1######625.blog.163.com/blog/static/235418057201563195930236/
- DNS ASK www.ap##elt.com
- DNS ASK a1######625.blog.163.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''