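Техническая информация
Примечание: заголовки разделов исходного отчёта на странице не сохранились, поэтому повторяющиеся ниже пути, по-видимому, относятся к разным действиям с одними и теми же файлами. Символы «#» в адресах и URL, судя по всему, замаскированы источником и не являются частью значения, поэтому такие записи подходят для сопоставления по шаблону, но не для точного совпадения. Обозначения в угловых скобках (<HKLM>, <DRIVERS>) — подстановочные имена, а не буквальные пути.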
- [<HKLM>\SYSTEM\ControlSet001\Services\64mx6F] 'ImagePath' = '<DRIVERS>\64mx6F.sys'
- <Полный путь к файлу>
- <DRIVERS>\64mx6F.sys
- C:\wh.ini
- %TEMP%\3.tmp
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- <DRIVERS>\64mx6F.sys
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- 'localhost':1041
- 'up####2.zichaob.com':80
- 'up########38634.file.myqcloud.com':80
- '11#.#47.101.20':9625
- '12##.ip138.com':80
- '12#.#49.255.11':9625
- '42.##.203.153':9625
- http://up########38634.file.myqcloud.com/8899/IP8899.txt?_=######
- http://up####2.zichaob.com/8899/IP8899.txt?_=######
- http://12##.ip138.com/ic.asp
- DNS ASK up########38634.file.myqcloud.com
- DNS ASK up####2.zichaob.com
- DNS ASK 12##.ip138.com
- ClassName: 'Shell_TrayWnd' WindowName: ''