Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptbozy] 'Startup' = 'ServiceMain'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptbozy] 'DllName' = ''
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\xlinks.dll
- <SYSTEM32>\xlinks.dll
- 'www.yu##nu.cn':80
- 'bo####08.3322.org':80
- 'ha####zy.3322.org':80
- 'www.zi##ee.cn':80
- www.yu##nu.cn/count.asp
- bo####08.3322.org/count.asp
- ha####zy.3322.org/count.asp
- www.zi##ee.cn/count.asp
- DNS ASK www.yu##nu.cn
- DNS ASK bo####08.3322.org
- DNS ASK ha####zy.3322.org
- DNS ASK www.zi##ee.cn